manage_dlp_policies

Manage Data Loss Prevention policies to protect sensitive data across Exchange, SharePoint, OneDrive, and Teams. Create, update, delete, or test policies to control data sharing and prevent unauthorized access.

Instructions

Manage Data Loss Prevention policies to protect sensitive data across Exchange, SharePoint, OneDrive, and Teams.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | DLP policy management action | |
| policyId | No | DLP policy ID | |
| name | No | Policy name | |
| description | No | Policy description | |
| locations | No | Policy locations | |
| rules | No | Policy rules configuration | |
| settings | No | Policy settings | |

Implementation Reference

  • Core handler function implementing manage_dlp_policies tool logic: supports list, get, create, update, delete, test DLP policies using Microsoft Graph beta API /security/dataLossPreventionPolicies
    import { Client } from '@microsoft/microsoft-graph-client';
    import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
    // DLPPolicyArgs is the interface listed further down this page.

    export async function handleDLPPolicies(
      graphClient: Client,
      args: DLPPolicyArgs
    ): Promise<{ content: { type: string; text: string }[] }> {
      let apiPath = '';
      let result: any;

      switch (args.action) {
        case 'list':
          // List all DLP policies
          apiPath = '/beta/security/dataLossPreventionPolicies';
          result = await graphClient.api(apiPath).get();
          break;

        case 'get':
          if (!args.policyId) {
            throw new McpError(ErrorCode.InvalidParams, 'policyId is required for get action');
          }
          // policyId is a caller-supplied string: encode it so it stays a single path segment
          apiPath = `/beta/security/dataLossPreventionPolicies/${encodeURIComponent(args.policyId)}`;
          result = await graphClient.api(apiPath).get();
          break;

        case 'create': {
          if (!args.name) {
            throw new McpError(ErrorCode.InvalidParams, 'name is required for create action');
          }
          apiPath = '/beta/security/dataLossPreventionPolicies';
          const createPayload = {
            displayName: args.name,
            description: args.description || '',
            // A policy is created disabled unless settings.enabled is true
            status: args.settings?.enabled ? 'enabled' : 'disabled',
            // locations: args.locations, // Locations are part of rules, not top-level policy
            // mode: args.settings?.mode, // Mode is also part of rules
            // priority: args.settings?.priority, // Priority is also part of rules
          };
          result = await graphClient.api(apiPath).post(createPayload);
          break;
        }

        case 'update': {
          if (!args.policyId) {
            throw new McpError(ErrorCode.InvalidParams, 'policyId is required for update action');
          }
          apiPath = `/beta/security/dataLossPreventionPolicies/${encodeURIComponent(args.policyId)}`;
          const updatePayload = {
            displayName: args.name,
            description: args.description,
            // Send status only when the caller set settings.enabled; otherwise an update
            // that changes just the name or description would also disable the policy.
            ...(args.settings?.enabled !== undefined
              ? { status: args.settings.enabled ? 'enabled' : 'disabled' }
              : {}),
          };
          result = await graphClient.api(apiPath).patch(updatePayload);
          break;
        }

        case 'delete':
          if (!args.policyId) {
            throw new McpError(ErrorCode.InvalidParams, 'policyId is required for delete action');
          }
          apiPath = `/beta/security/dataLossPreventionPolicies/${encodeURIComponent(args.policyId)}`;
          await graphClient.api(apiPath).delete();
          result = { message: 'DLP policy deleted successfully' };
          break;

        case 'test':
          if (!args.policyId) {
            throw new McpError(ErrorCode.InvalidParams, 'policyId is required for test action');
          }
          // No Graph request is made here; this would typically involve creating a test case
          result = { message: 'DLP policy test initiated', policyId: args.policyId };
          break;

        default:
          throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
      }

      return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
    }
  • src/server.ts:678-697 (registration)
    MCP server tool registration for 'manage_dlp_policies': maps to handleDLPPolicies handler, uses dlpPolicySchema for input validation, includes annotations and description
    this.server.tool(
      "manage_dlp_policies",
      "Manage Data Loss Prevention policies to protect sensitive data across Exchange, SharePoint, OneDrive, and Teams.",
      dlpPolicySchema.shape,
      { "readOnlyHint": false, "destructiveHint": true, "idempotentHint": false },
      wrapToolHandler(async (args: DLPPolicyArgs) => {
        this.validateCredentials();
        try {
          return await handleDLPPolicies(this.getGraphClient(), args);
        } catch (error) {
          if (error instanceof McpError) {
            throw error;
          }
          throw new McpError(
            ErrorCode.InternalError,
            `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}`
          );
        }
      })
    );
  • Zod input schema (dlpPolicySchema) for manage_dlp_policies tool, defining actions (list/get/create/update/delete/test), policy details, rules, conditions, actions, and settings
    import { z } from 'zod';

    export const dlpPolicySchema = z.object({
      action: z.enum(['list', 'get', 'create', 'update', 'delete', 'test']).describe('DLP policy management action'),
      policyId: z.string().optional().describe('DLP policy ID'),
      name: z.string().optional().describe('Policy name'),
      description: z.string().optional().describe('Policy description'),
      locations: z.array(z.enum(['Exchange', 'SharePoint', 'OneDrive', 'Teams', 'Endpoint'])).optional().describe('Policy locations'),
      rules: z.array(z.object({
        name: z.string().describe('Rule name'),
        conditions: z.array(z.object({
          type: z.enum(['ContentContains', 'SensitiveInfoType', 'DocumentProperty', 'MessageProperty']).describe('Condition type'),
          value: z.string().describe('Condition value'),
          operator: z.enum(['Equals', 'Contains', 'StartsWith', 'EndsWith', 'RegexMatch']).optional().describe('Condition operator'),
          caseSensitive: z.boolean().optional().describe('Case sensitive matching'),
        })).describe('Rule conditions'),
        actions: z.array(z.object({
          type: z.enum(['Block', 'BlockWithOverride', 'Notify', 'Audit', 'Quarantine']).describe('Action type'),
          settings: z.object({
            notificationMessage: z.string().optional().describe('Notification message'),
            blockMessage: z.string().optional().describe('Block message'),
            allowOverride: z.boolean().optional().describe('Allow override'),
            overrideJustificationRequired: z.boolean().optional().describe('Override justification required'),
          }).optional().describe('Action settings'),
        })).describe('Rule actions'),
        enabled: z.boolean().optional().describe('Whether rule is enabled'),
        priority: z.number().optional().describe('Rule priority'),
      })).optional().describe('Policy rules configuration'),
      settings: z.object({
        mode: z.enum(['Test', 'TestWithNotifications', 'Enforce']).optional().describe('Policy mode'),
        priority: z.number().optional().describe('Policy priority'),
        enabled: z.boolean().optional().describe('Whether policy is enabled'),
      }).optional().describe('Policy settings'),
    });
  • TypeScript interface DLPPolicyArgs defining input parameters for the DLP policy handler, matching the Zod schema
    export interface DLPPolicyArgs {
      action: 'list' | 'get' | 'create' | 'update' | 'delete' | 'test';
      policyId?: string;
      name?: string;
      description?: string;
      locations?: ('Exchange' | 'SharePoint' | 'OneDrive' | 'Teams' | 'Endpoint')[];
      rules?: DLPRule[];
      settings?: {
        mode?: 'Test' | 'TestWithNotifications' | 'Enforce';
        priority?: number;
        enabled?: boolean;
      };
    }
  • Tool metadata providing description, title, and annotations (readOnlyHint, destructiveHint, etc.) for manage_dlp_policies used in MCP tool discovery and UI hints
    manage_dlp_policies: {
      description: "Manage Data Loss Prevention policies to protect sensitive data across Exchange, SharePoint, OneDrive, and Teams.",
      title: "DLP Policy Manager",
      annotations: {
        title: "DLP Policy Manager",
        readOnlyHint: false,
        destructiveHint: true,
        idempotentHint: false,
        openWorldHint: true
      }
    },
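
The annotations above apply to the tool as a whole, while only some of its actions change or remove a policy. A per-call gate that an MCP client could place in front of the tool, as an added example (not code from the m365-core-mcp project): DlpCall, classifyDlpCall and gateDlpCall are hypothetical names, the sample calls are constructed, and the gate assumes an update must state settings.enabled explicitly.

```typescript
// Added example; DlpCall, Risk, classifyDlpCall and gateDlpCall are hypothetical names.
// DlpCall is a subset of the page's DLPPolicyArgs, redeclared so the block runs alone.
type DlpCall = {
  action: 'list' | 'get' | 'create' | 'update' | 'delete' | 'test';
  policyId?: string;
  name?: string;
  settings?: { enabled?: boolean };
};
type Risk = 'read' | 'change' | 'weakens-protection';
type Verdict = { risk: Risk; reasons: string[] };

function classifyDlpCall(call: DlpCall): Verdict {
  switch (call.action) {
    case 'list':
    case 'get':
      return { risk: 'read', reasons: [] };
    case 'test':
      // The handler on this page answers 'test' without sending a Graph request.
      return { risk: 'read', reasons: ['test makes no Graph request'] };
    case 'create':
      return { risk: 'change', reasons: ['creates a new policy'] };
    case 'delete':
      return { risk: 'weakens-protection', reasons: [`deletes policy ${call.policyId ?? '(missing id)'}`] };
    case 'update': {
      const enabled = call.settings?.enabled;
      if (enabled === true) return { risk: 'change', reasons: ['policy stays enabled'] };
      const why = enabled === false
        ? 'update sets status to disabled'
        : 'update omits settings.enabled, so the intended status is not explicit';
      return { risk: 'weakens-protection', reasons: [why] };
    }
  }
}

// Reads and ordinary changes pass; anything that can weaken protection needs
// an out-of-band approval flag supplied by the operator, not by the model.
function gateDlpCall(call: DlpCall, operatorApproved: boolean): Verdict & { allowed: boolean } {
  const verdict = classifyDlpCall(call);
  const allowed = verdict.risk !== 'weakens-protection' || operatorApproved;
  return { ...verdict, allowed };
}

// Constructed sample calls, as an MCP client might receive them from a model.
const samples: DlpCall[] = [
  { action: 'list' },
  { action: 'update', policyId: 'example-policy-id', name: 'PCI outbound' },
  { action: 'delete', policyId: 'example-policy-id' },
];
for (const s of samples) console.log(s.action, JSON.stringify(gateDlpCall(s, false)));
```

Logging the returned reasons next to the tool call gives an audit trail of every delete or disable request and of who approved it.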


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/m365-core-mcp'
