manage_exchange_policies
Configure and manage Exchange Online policies for mail flow, mobile device access, and organization settings to control email security and user permissions.
Instructions
Manage Exchange Online policies including mail flow rules, mobile device access, and organization-wide settings.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Action to perform on Exchange policy | |
| policyType | Yes | Type of Exchange policy | |
| policyId | No | Exchange policy ID for specific operations | |
| displayName | No | Display name for the policy | |
| description | No | Description of the policy | |
| isDefault | No | Whether this is the default policy | |
| settings | No | Policy settings | |
| appliedTo | No | Policy application scope | |
Implementation Reference
- Core handler function that executes the manage_exchange_policies tool logic, handling CRUD operations for Exchange policy types (addressBook, OWA, ActiveSync, retention, and DLP policies) using Microsoft Graph API endpoints.

  ```typescript
  import { Client } from '@microsoft/microsoft-graph-client';
  import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
  // ExchangePolicyArgs is declared elsewhere in the project.

  export async function handleExchangePolicies(
    graphClient: Client,
    args: ExchangePolicyArgs
  ): Promise<{ content: { type: string; text: string }[] }> {
    let apiPath = '';
    let result: any;

    // Map policy types to API endpoints
    const policyEndpoints: Record<string, string> = {
      addressBook: '/admin/exchange/addressBookPolicies',
      outlookWebApp: '/admin/exchange/owaMailboxPolicies',
      activeSyncMailbox: '/admin/exchange/activeSyncMailboxPolicies',
      retentionPolicy: '/admin/exchange/retentionPolicies',
      dlpPolicy: '/admin/exchange/dataLossPreventionPolicies'
    };

    const endpoint = policyEndpoints[args.policyType];
    if (!endpoint) {
      throw new McpError(ErrorCode.InvalidParams, `Unsupported policy type: ${args.policyType}`);
    }

    switch (args.action) {
      case 'list':
        apiPath = endpoint;
        result = await graphClient.api(apiPath).get();
        break;

      case 'get':
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for get action');
        }
        apiPath = `${endpoint}/${args.policyId}`;
        result = await graphClient.api(apiPath).get();
        break;

      case 'create': {
        if (!args.displayName) {
          throw new McpError(ErrorCode.InvalidParams, 'displayName is required for create action');
        }
        // Omitted optional fields fall back to empty values
        const exchangePolicyPayload: any = {
          displayName: args.displayName,
          description: args.description || '',
          isDefault: args.isDefault || false,
          settings: args.settings || {},
          appliedTo: args.appliedTo || {}
        };
        apiPath = endpoint;
        result = await graphClient.api(apiPath).post(exchangePolicyPayload);
        break;
      }

      case 'update': {
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for update action');
        }
        // Only fields supplied by the caller are sent in the PATCH body
        const updatePayload: any = {};
        if (args.displayName) updatePayload.displayName = args.displayName;
        if (args.description) updatePayload.description = args.description;
        if (args.isDefault !== undefined) updatePayload.isDefault = args.isDefault;
        if (args.settings) updatePayload.settings = args.settings;
        if (args.appliedTo) updatePayload.appliedTo = args.appliedTo;
        apiPath = `${endpoint}/${args.policyId}`;
        result = await graphClient.api(apiPath).patch(updatePayload);
        break;
      }

      case 'delete':
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for delete action');
        }
        apiPath = `${endpoint}/${args.policyId}`;
        await graphClient.api(apiPath).delete();
        result = { message: `Exchange ${args.policyType} policy ${args.policyId} deleted successfully` };
        break;

      default:
        throw new McpError(ErrorCode.InvalidParams, `Unknown action: ${args.action}`);
    }

    return {
      content: [{
        type: 'text',
        text: `Exchange ${args.policyType} Policy ${args.action} operation completed:\n\n${JSON.stringify(result, null, 2)}`
      }]
    };
  }
  ```
- Zod schema defining input parameters and validation for the manage_exchange_policies tool, including actions (list/get/create/update/delete), policy types, and detailed settings for Exchange policies.

  ```typescript
  import { z } from 'zod';

  export const exchangePolicyArgsSchema = z.object({
    action: z.enum(['list', 'get', 'create', 'update', 'delete']).describe('Action to perform on Exchange policy'),
    policyType: z.enum(['addressBook', 'outlookWebApp', 'activeSyncMailbox', 'retentionPolicy', 'dlpPolicy']).describe('Type of Exchange policy'),
    policyId: z.string().optional().describe('Exchange policy ID for specific operations'),
    displayName: z.string().optional().describe('Display name for the policy'),
    description: z.string().optional().describe('Description of the policy'),
    isDefault: z.boolean().optional().describe('Whether this is the default policy'),
    settings: z.object({
      addressLists: z.array(z.string()).optional().describe('Address lists'),
      globalAddressList: z.string().optional().describe('Global address list'),
      offlineAddressBook: z.string().optional().describe('Offline address book'),
      roomList: z.string().optional().describe('Room list'),
      activeSyncIntegrationEnabled: z.boolean().optional().describe('ActiveSync integration enabled'),
      allAddressListsEnabled: z.boolean().optional().describe('All address lists enabled'),
      calendarEnabled: z.boolean().optional().describe('Calendar enabled'),
      contactsEnabled: z.boolean().optional().describe('Contacts enabled'),
      journalEnabled: z.boolean().optional().describe('Journal enabled'),
      junkEmailEnabled: z.boolean().optional().describe('Junk email enabled'),
      remindersAndNotificationsEnabled: z.boolean().optional().describe('Reminders and notifications enabled'),
      notesEnabled: z.boolean().optional().describe('Notes enabled'),
      premiumClientEnabled: z.boolean().optional().describe('Premium client enabled'),
      searchFoldersEnabled: z.boolean().optional().describe('Search folders enabled'),
      signatureEnabled: z.boolean().optional().describe('Signature enabled'),
      spellCheckerEnabled: z.boolean().optional().describe('Spell checker enabled'),
      tasksEnabled: z.boolean().optional().describe('Tasks enabled'),
      umIntegrationEnabled: z.boolean().optional().describe('UM integration enabled'),
      changePasswordEnabled: z.boolean().optional().describe('Change password enabled'),
      rulesEnabled: z.boolean().optional().describe('Rules enabled'),
      publicFoldersEnabled: z.boolean().optional().describe('Public folders enabled'),
      smimeEnabled: z.boolean().optional().describe('S/MIME enabled'),
      devicePasswordEnabled: z.boolean().optional().describe('Device password enabled'),
      alphanumericDevicePasswordRequired: z.boolean().optional().describe('Alphanumeric device password required'),
      devicePasswordExpiration: z.number().optional().describe('Device password expiration in days'),
      devicePasswordHistory: z.number().optional().describe('Device password history'),
      maxDevicePasswordFailedAttempts: z.number().optional().describe('Max device password failed attempts'),
      maxInactivityTimeDeviceLock: z.number().optional().describe('Max inactivity time before device lock in minutes'),
      minDevicePasswordLength: z.number().optional().describe('Minimum device password length'),
      allowNonProvisionableDevices: z.boolean().optional().describe('Allow non-provisionable devices'),
      attachmentsEnabled: z.boolean().optional().describe('Attachments enabled'),
      maxAttachmentSize: z.number().optional().describe('Max attachment size in MB'),
      deviceEncryptionEnabled: z.boolean().optional().describe('Device encryption enabled'),
      requireStorageCardEncryption: z.boolean().optional().describe('Require storage card encryption'),
      passwordRecoveryEnabled: z.boolean().optional().describe('Password recovery enabled'),
      requireDeviceEncryption: z.boolean().optional().describe('Require device encryption'),
      allowCamera: z.boolean().optional().describe('Allow camera'),
      allowWiFi: z.boolean().optional().describe('Allow WiFi'),
      allowIrDA: z.boolean().optional().describe('Allow IrDA'),
      allowInternetSharing: z.boolean().optional().describe('Allow internet sharing'),
      allowRemoteDesktop: z.boolean().optional().describe('Allow remote desktop'),
      allowDesktopSync: z.boolean().optional().describe('Allow desktop sync'),
      allowHTMLEmail: z.boolean().optional().describe('Allow HTML email'),
      allowTextMessaging: z.boolean().optional().describe('Allow text messaging'),
      allowPOPIMAPEmail: z.boolean().optional().describe('Allow POP/IMAP email'),
      allowBrowser: z.boolean().optional().describe('Allow browser'),
      allowConsumerEmail: z.boolean().optional().describe('Allow consumer email'),
      allowUnsignedApplications: z.boolean().optional().describe('Allow unsigned applications'),
      allowUnsignedInstallationPackages: z.boolean().optional().describe('Allow unsigned installation packages'),
    }).optional().describe('Policy settings'),
    appliedTo: z.object({
      users: z.array(z.string()).optional().describe('Users the policy applies to'),
      groups: z.array(z.string()).optional().describe('Groups the policy applies to'),
    }).optional().describe('Policy application scope'),
  });
  ```
- src/server.ts:1186-1206 (registration): MCP server tool registration for 'manage_exchange_policies', linking the schema, metadata annotations, and handler function.

  ```typescript
  // Exchange Online Policy Management - Lazy loading enabled for tool discovery
  this.server.tool(
    "manage_exchange_policies",
    "Manage Exchange Online policies including mail flow rules, mobile device access, and organization-wide settings.",
    exchangePolicyArgsSchema.shape,
    {"readOnlyHint":false,"destructiveHint":true,"idempotentHint":false},
    wrapToolHandler(async (args: ExchangePolicyArgs) => {
      this.validateCredentials();
      try {
        return await handleExchangePolicies(this.getGraphClient(), args);
      } catch (error) {
        if (error instanceof McpError) {
          throw error;
        }
        throw new McpError(
          ErrorCode.InternalError,
          `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}`
        );
      }
    })
  );
  ```
- src/tool-metadata.ts:255-258 (helper): Tool metadata providing description, title, and annotations (readOnlyHint, destructiveHint, etc.) used during tool registration.

  ```typescript
  manage_exchange_policies: {
    description: "Manage Exchange Online policies including mail flow rules, mobile device access, and organization-wide settings.",
    title: "Exchange Policy Manager",
    annotations: { title: "Exchange Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  }
  ```
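
A pre-flight check for the arguments this tool accepts, as an added example that is not part of the project's code. The schema types policyId as an arbitrary string that the handler places in the request path, and every mobile device setting is optional, so a create or update call can relax it. The name checkPolicyRequest, the ID pattern and the baseline values are assumptions.

```typescript
// Added example, not the project's code: pre-flight check for manage_exchange_policies arguments.
// SAFE_ID and the ActiveSync baseline values are assumptions; setting names come from the tool's schema.
type PolicyArgs = {
  action: string;
  policyType: string;
  policyId?: string;
  settings?: Record<string, boolean | number | string | string[]>;
};

// Assumed ID shape: no '/', '?', '#' or '.' so the value stays a single path segment.
const SAFE_ID = /^[A-Za-z0-9_-]{1,128}$/;
const REQUIRED_TRUE = ['devicePasswordEnabled', 'requireDeviceEncryption'];
const REQUIRED_FALSE = ['allowNonProvisionableDevices', 'allowUnsignedApplications'];
const MIN_PASSWORD_LENGTH = 6; // assumed organisational minimum

function checkPolicyRequest(args: PolicyArgs): string[] {
  const findings: string[] = [];
  const needsId = args.action === 'get' || args.action === 'update' || args.action === 'delete';
  if (needsId && !args.policyId) {
    findings.push('policyId is required');
  } else if (args.policyId !== undefined && !SAFE_ID.test(args.policyId)) {
    findings.push('policyId contains characters outside the allowed set');
  }
  // Only writes to ActiveSync mailbox policies are compared against the baseline.
  const writes = args.action === 'create' || args.action === 'update';
  const s = args.settings;
  if (writes && args.policyType === 'activeSyncMailbox' && s) {
    for (const key of REQUIRED_TRUE) {
      if (s[key] === false) findings.push(`${key} must not be disabled`);
    }
    for (const key of REQUIRED_FALSE) {
      if (s[key] === true) findings.push(`${key} must not be enabled`);
    }
    const len = s['minDevicePasswordLength'];
    if (typeof len === 'number' && len < MIN_PASSWORD_LENGTH) {
      findings.push(`minDevicePasswordLength must be at least ${MIN_PASSWORD_LENGTH}`);
    }
  }
  return findings;
}

// Constructed sample request that weakens a mobile device policy.
const weakUpdate: PolicyArgs = {
  action: 'update',
  policyType: 'activeSyncMailbox',
  policyId: 'policy-01',
  settings: { devicePasswordEnabled: false, allowNonProvisionableDevices: true, minDevicePasswordLength: 4 },
};
console.log(checkPolicyRequest(weakUpdate));
```

An empty result means the request can be passed on to the handler; any finding is a reason to stop and ask for operator confirmation before a destructive call.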