manage_intune_macos_compliance

Assess macOS device compliance status, generate reports on policy adherence, and manage security posture through Intune for Microsoft 365 environments.

Instructions

Assess macOS device compliance status and generate reports on policy adherence and security posture.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| action | Yes | Intune macOS compliance action | |
| deviceId | No | Device ID for compliance assessment | |
| complianceType | No | Type of compliance check | |
| policies | No | Specific policy IDs to assess | |

Implementation Reference

  • The core handler function that executes the manage_intune_macos_compliance tool. It handles various actions like retrieving compliance status, details, updating policies, and forcing evaluation using Microsoft Graph API calls to Intune endpoints.
    export async function handleIntuneMacOSCompliance(
      graphClient: Client,
      args: IntuneMacOSComplianceArgs
    ): Promise<{ content: { type: string; text: string }[] }> {
      let apiPath = '';
      let result: any;

      switch (args.action) {
        case 'get_status':
          if (args.deviceId) {
            // Get compliance status for specific device
            apiPath = `/deviceManagement/managedDevices/${args.deviceId}/deviceCompliancePolicyStates`;
          } else {
            // Get overall compliance status for macOS devices
            apiPath = '/deviceManagement/deviceCompliancePolicyDeviceStateSummary';
            apiPath += `?$filter=platformType eq 'macOS'`;
          }
          result = await graphClient.api(apiPath).get();
          break;

        case 'get_details':
          if (!args.deviceId) {
            throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for get_details action');
          }
          // Get detailed compliance information for device
          apiPath = `/deviceManagement/managedDevices/${args.deviceId}/deviceCompliancePolicyStates`;
          const complianceStates = await graphClient.api(apiPath).get();

          // Get device configuration states
          const configApiPath = `/deviceManagement/managedDevices/${args.deviceId}/deviceConfigurationStates`;
          const configStates = await graphClient.api(configApiPath).get();

          result = {
            deviceId: args.deviceId,
            compliancePolicyStates: complianceStates,
            configurationStates: configStates
          };
          break;

        case 'update_policy':
          if (!args.policyId) {
            throw new McpError(ErrorCode.InvalidParams, 'policyId is required for update_policy action');
          }
          apiPath = `/deviceManagement/deviceCompliancePolicies/${args.policyId}`;
          const updatePayload = {
            passwordRequired: args.complianceData?.passwordCompliant,
            storageRequireEncryption: args.complianceData?.encryptionCompliant,
            systemIntegrityProtectionEnabled: args.complianceData?.systemIntegrityCompliant,
            firewallEnabled: args.complianceData?.firewallCompliant
          };
          result = await graphClient.api(apiPath).patch(updatePayload);
          break;

        case 'force_evaluation':
          if (!args.deviceId) {
            throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for force_evaluation action');
          }
          // Trigger compliance evaluation on device
          apiPath = `/deviceManagement/managedDevices/${args.deviceId}/syncDevice`;
          await graphClient.api(apiPath).post({});

          // Also trigger compliance policy evaluation
          const evalApiPath = `/deviceManagement/managedDevices/${args.deviceId}/triggerConfigurationManagerAction`;
          await graphClient.api(evalApiPath).post({
            action: { actionType: 'evaluateCompliance' }
          });

          result = { message: 'Compliance evaluation triggered successfully' };
          break;

        default:
          throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
      }

      return {
        content: [{ type: 'text', text: JSON.stringify(result, null, 2) }]
      };
    }
  • TypeScript interface defining the input parameters for the tool handler, including action types and optional compliance data fields.
    export interface IntuneMacOSComplianceArgs {
      action: 'get_status' | 'get_details' | 'update_policy' | 'force_evaluation';
      deviceId?: string;
      policyId?: string;
      complianceData?: {
        passwordCompliant?: boolean;
        encryptionCompliant?: boolean;
        osVersionCompliant?: boolean;
        threatProtectionCompliant?: boolean;
        systemIntegrityCompliant?: boolean;
        firewallCompliant?: boolean;
        gatekeeperCompliant?: boolean;
        jailbrokenCompliant?: boolean;
      };
    }
  • src/handlers.ts:32-44 (registration)
    Imports the handler function and its argument type into the main handlers file, enabling registration and use of the tool in the MCP server.
    // Import Intune macOS handlers and types
    import {
      handleIntuneMacOSDevices,
      handleIntuneMacOSPolicies,
      handleIntuneMacOSApps,
      handleIntuneMacOSCompliance
    } from './handlers/intune-macos-handler.js';
    import {
      IntuneMacOSDeviceArgs,
      IntuneMacOSPolicyArgs,
      IntuneMacOSAppArgs,
      IntuneMacOSComplianceArgs
    } from './types/intune-types.js';
  • Tool metadata registration providing description, title, and annotations (read-only hint, etc.) for the manage_intune_macos_compliance tool.
    manage_intune_macos_compliance: {
      description: "Assess macOS device compliance status and generate reports on policy adherence and security posture.",
      title: "Intune macOS Compliance Checker",
      annotations: {
        title: "Intune macOS Compliance Checker",
        readOnlyHint: true,
        destructiveHint: false,
        idempotentHint: true,
        openWorldHint: true
      }
    },
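
The annotations above set `readOnlyHint: true`, yet the handler's `update_policy` and `force_evaluation` branches send PATCH and POST requests, and `deviceId` / `policyId` are interpolated into the Graph path as received. The following is an added example, not code from m365-core-mcp, of a pre-flight check that rejects state-changing actions under a read-only annotation and accepts only GUID-shaped IDs. The names `planRequest` and `requireGuid`, and the GUID format for Intune IDs, are assumptions of the example.

```typescript
// Added example, not project code. planRequest / requireGuid are hypothetical names.
type ComplianceAction = 'get_status' | 'get_details' | 'update_policy' | 'force_evaluation';
interface ToolCall { action: ComplianceAction; deviceId?: string; policyId?: string }
interface PlannedRequest { method: 'GET' | 'PATCH' | 'POST'; path: string }

// Actions the handler sends as PATCH or POST, i.e. not read-only.
const MUTATING: ReadonlySet<ComplianceAction> =
  new Set<ComplianceAction>(['update_policy', 'force_evaluation']);

// Assumption: Intune device and policy IDs are GUIDs.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Only a GUID may become a path segment, so a value containing '/' or '?'
// cannot change which Graph resource the request addresses.
function requireGuid(name: string, value: string | undefined): string {
  if (value === undefined || !GUID_RE.test(value)) {
    throw new Error(`${name} must be a GUID`);
  }
  return value.toLowerCase();
}

// Decide the (first) Graph request for a call, or throw before anything is sent.
function planRequest(call: ToolCall, readOnlyHint: boolean): PlannedRequest {
  if (readOnlyHint && MUTATING.has(call.action)) {
    throw new Error(`${call.action} changes state but the tool is annotated read-only`);
  }
  const devices = '/deviceManagement/managedDevices';
  switch (call.action) {
    case 'get_status':
      if (call.deviceId === undefined) {
        return { method: 'GET', path: "/deviceManagement/deviceCompliancePolicyDeviceStateSummary?$filter=platformType eq 'macOS'" };
      }
      return { method: 'GET', path: `${devices}/${requireGuid('deviceId', call.deviceId)}/deviceCompliancePolicyStates` };
    case 'get_details': // first of the handler's two GETs
      return { method: 'GET', path: `${devices}/${requireGuid('deviceId', call.deviceId)}/deviceCompliancePolicyStates` };
    case 'update_policy':
      return { method: 'PATCH', path: `/deviceManagement/deviceCompliancePolicies/${requireGuid('policyId', call.policyId)}` };
    case 'force_evaluation': // first of the handler's two POSTs
      return { method: 'POST', path: `${devices}/${requireGuid('deviceId', call.deviceId)}/syncDevice` };
    default:
      throw new Error(`Invalid action: ${String(call.action)}`);
  }
}
```

Calling `planRequest(args, true)` before the `switch` in the handler would make the read-only annotation enforceable; passing `false` documents that the tool is allowed to write.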

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/m365-core-mcp'