Skip to main content
Glama
AutomoxCommunity

Automox MCP Server

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
AUTOMOX_ORG_IDNoNumeric organization ID (recommended, required by most tools)
AUTOMOX_API_KEYYesAutomox API key
AUTOMOX_MCP_HOSTNoBind address for HTTP/SSE127.0.0.1
AUTOMOX_MCP_PORTNoBind port for HTTP/SSE8000
AUTOMOX_MCP_MODULESNoComma-separated list of modules to load
AUTOMOX_ACCOUNT_UUIDYesAccount UUID from Secrets & Keys
AUTOMOX_MCP_API_KEYSNoComma-separated MCP endpoint API keys
AUTOMOX_MCP_READ_ONLYNoDisable all write operationsfalse
AUTOMOX_MCP_TRANSPORTNoTransport: stdio, http, sse, or streamable-httpstdio
AUTOMOX_MCP_LOG_FORMATNoLog format: text or jsontext
AUTOMOX_MCP_TOOL_PREFIXNoPrefix all tool names to prevent collisions
AUTOMOX_MCP_API_KEY_FILENoPath to file containing MCP endpoint API keys
AUTOMOX_MCP_OAUTH_ISSUERNoOIDC issuer URL for JWT auth
AUTOMOX_MCP_OAUTH_SCOPESNoComma-separated required OAuth scopes
AUTOMOX_MCP_TOKEN_BUDGETNoMax estimated tokens per response before truncation4000
AUTOMOX_MCP_ALLOWED_HOSTSNoExtra allowed Host headers
AUTOMOX_MCP_OAUTH_AUDIENCENoExpected JWT audience claim
AUTOMOX_MCP_OAUTH_JWKS_URINoJWKS endpoint for JWT key rotation
AUTOMOX_MCP_ALLOWED_ORIGINSNoExtra allowed Origin headers
AUTOMOX_MCP_OAUTH_SERVER_URLNoCanonical server URL for RFC 9728
AUTOMOX_MCP_UPLOAD_MAX_BYTESNoMax installer size for upload_policy_file10737418240
AUTOMOX_MCP_ALLOW_REMOTE_BINDNoAllow binding to non-loopback addressesfalse
AUTOMOX_MCP_SANITIZE_RESPONSESNoSanitize API data to mitigate prompt injectiontrue
AUTOMOX_MCP_ALLOW_DELETE_DEVICENoOpt in to delete_device toolfalse
AUTOMOX_MCP_UPLOAD_ALLOWED_DIRSNoComma-separated absolute directories for upload_policy_file
AUTOMOX_MCP_UPLOAD_TIMEOUT_SECONDSNoUpload read/write timeout for upload_policy_file3600
AUTOMOX_MCP_ALLOW_UPLOAD_POLICY_FILENoOpt in to upload_policy_file toolfalse
AUTOMOX_MCP_DNS_REBINDING_PROTECTIONNoSet to false to disable DNS rebinding protectiontrue
AUTOMOX_MCP_ALLOW_APPLY_REMEDIATION_ACTIONSNoOpt in to apply_remediation_actions toolfalse
AUTOMOX_MCP_ALLOW_SPLASHTOP_BULK_INSTALL_UNINSTALLNoOpt in to splashtop_bulk_install_uninstall toolfalse

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}
logging
{}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
extensions
{
  "io.modelcontextprotocol/ui": {}
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
audit_trail_user_activityA

Retrieve Automox audit trail events performed by a user on a specific date.

audit_events_ocsfA

Query OCSF-formatted audit events from the Automox Audit Service v2. Filter by date (required) and event type name. The category_name filter is applied client-side against the event type_name prefix: the upstream events do NOT carry a category_name field, only an integer category_uid that maps 1:N across categories, so category filtering matches the type_name label prefix (authentication/entity_management/web_resource_activity are live-verified prefixes; account_change/user_access are spec-derived and unverified live). An unmappable category token leaves results unfiltered and sets metadata.applied_filters.category_name_matched=false (so an empty result is never mistaken for 'no activity'); metadata.events_before_filter reports the unfiltered count. category_uid/type_uid/class_uid/activity_id are raw OCSF taxonomy integers with no decode table in the upstream spec — prefer the human-readable sibling strings type_name and activity. Uses cursor-based pagination for large result sets. Event time is an ISO 8601 UTC string (converted from the upstream epoch-seconds value). The date parameter selects events by event date; the timezone of that date boundary is not stated by the upstream spec (unverified). severity/status labels follow the OCSF scales (severity: informational/low/medium/high/critical/fatal; status: success/failure/other) and are filled from severity_id/status_id when the upstream omits the string. Permissions: as of 2025-10-27 the upstream endpoint requires the API key to have BOTH organization:manage and users:read scopes; keys missing either scope return 403.

list_devicesA

List devices with detailed per-device information including hostname, OS, policy status, and patch status. Use this to explore and investigate specific devices, optionally filtered by management/policy status. For aggregate statistics and health metrics, use device_health_metrics instead.

device_detailA

Return detailed information and recent activity for a device. Includes a compliance rollup (per-policy status counts: up_to_date / pending / needs_remediation, plus the policies needing remediation — only needs_remediation policies make a device non-compliant). uptime_minutes is sampled at the device's last full scan, so it can lag the current boot session.

devices_needing_attentionC

Surface Automox devices flagged for immediate action.

search_devicesA

Search Automox devices by hostname (including custom name), IP, tag, severity of missing patches, or patch status (only 'missing' is supported). The severity filter is passed upstream to scope the result set (the requested values are echoed in metadata.filters.severity); it narrows the candidate set but does NOT guarantee every returned device currently has an outstanding patch at that severity (live, ~41% of severity=critical results report zero outstanding patches — likely already remediated or reassessed since the index was built). Per-device pending_patches is the device's total outstanding-patch count and is NOT scoped to the severity filter, so do not read it as the count matching the requested severity.

device_health_metricsA

Aggregate organization-wide device health statistics including managed/unmanaged breakdown, device status breakdown, compliance metrics, and check-in recency analysis. Compliance follows the platform rule: a device is non-compliant only when at least one policy needs remediation — pending work is tracked separately as devices_with_pending_policies. Use this for monitoring dashboards and getting a fleet-wide health overview.

get_device_inventoryA

Retrieve detailed device inventory data including hardware, network, security, services, system, and user information. Optionally filter by category. Uses the Console API device-details endpoint.

get_device_inventory_categoriesA

List available inventory categories for a device. Categories are dynamic per device. Use this to discover what inventory data is available before requesting specific categories.

execute_device_commandC

Issue an immediate command to a device (scan, patch, or reboot).

batch_update_devicesA

Apply bulk attribute actions to many devices at once (up to 500). Currently supports tag apply/remove via actions like {'attribute': 'tags', 'action': 'apply', 'value': ['env:prod']}.

update_deviceA

Update a single device's mutable attributes: custom_name, server_group_id, exception (policy-enforcement exclusion), tags, and ip_addrs. Fills the single-device gap that batch_update_devices (tags-only, bulk) does not cover — e.g. renaming a device or moving it to a server group. Supply only the fields you want to change; at least one is required.

list_saved_searchesB

List saved device searches from the Advanced Device Search API. Returns saved search names, queries, and metadata.

advanced_device_searchA

Execute an advanced device search using the Automox Advanced Device Search API's structured query language. Enables complex queries like 'find all Windows devices not seen in 30 days' or 'devices with nginx installed' using field-based filtering. Pass query as a dict with a filters list of AND/OR groups, each a list of conditions: {"filters": [{"AND": [{"scope": "SOFTWARE", "field": "pkgDisplayName", "operator": "IN", "values": ["nginx"]}]}]}. Tag search uses scope TAGS (not DEVICE): {"scope": "TAGS", "field": "tag", "operator": "IN", "values": ["Nginx"]}. Use get_searchable_fields for valid scope/field/operator combos and device_search_typeahead to discover values. The org is scoped automatically. limit sets the page size. On each returned device, outstanding_patch_severity distinguishes the string 'none' (assessed, no outstanding patches — clean) from JSON null/absent (device not yet assessed — unknown, NOT clean); see metadata.field_notes.outstanding_patch_severity. Use an org-scoped API key — global/account keys are unreliable on this endpoint and often return HTTP 403.

device_search_typeaheadA

Get typeahead suggestions for device search fields. Useful for discovering valid values when building advanced device queries.

get_device_metadata_fieldsC

Get available fields for device queries. Returns the field names and types supported by the advanced device search API.

get_device_assignmentsA

Get device-to-policy and device-to-group assignments.

get_device_by_uuidA

Get the near-raw device payload by UUID (canonical /servers endpoint). Integer policy codes carry a status_label sibling (up_to_date / pending / needs_remediation — only needs_remediation makes a device non-compliant; see the compliance rollup). uptime_minutes is sampled at the device's last full scan, so it can lag the current boot session.

get_saved_searchB

Retrieve a single saved device search by ID. Returns the saved search name, description, query, and metadata.

get_saved_search_resultsA

Execute a saved device search and retrieve its current device result set. Supports pagination via page + limit.

get_cached_search_resultsA

Retrieve cached server-side results for a previously-executed device search, keyed by search execution ID. Distinct from get_saved_search_results which re-executes a saved-search definition.

get_search_scopesA

List available device-search scope options. Org-independent metadata describing the scopes (e.g., device, group, org) supported by the Advanced Device Search API.

get_searchable_fieldsA

List searchable device fields grouped by scope, with per-field type metadata. Richer than get_device_metadata_fields (a flat field-name array) — use this to construct typed advanced-search queries.

list_searches_for_deviceA

List the saved device searches whose result set currently contains a given device (by UUID). Triage primitive: 'which saved searches does this device match?' Optionally filter by saved-search type.

run_saved_searchA

Execute a saved device search by UUID and return its device results, with paging (page/size) and an optional fields projection. Lighter-weight than get_saved_search_results when you only need a subset of fields.

create_saved_searchA

Create a new saved device search. Provide a name, a structured query dict carrying a filters list (same syntax as advanced_device_search — e.g. {"filters": [{"AND": [{"scope": "SOFTWARE", "field": "pkgDisplayName", "operator": "IN", "values": ["nginx"]}]}]}), and an optional description. The org is scoped automatically.

update_saved_searchA

Update an existing saved device search (partial update). Provide at least one of name, query, or description. The query dict uses the Automox Advanced Device Search API query syntax (see advanced_device_search).

delete_saved_searchB

Permanently delete a saved device search by ID.

assign_policies_to_saved_searchB

Bulk-assign one or more policies to the result set of a saved device search. Takes the saved-search UUID and a list of policy IDs.

refresh_saved_search_cacheA

Force a re-cache of a saved device search's results when they may be stale. Triggers server-side recomputation; returns once queued.

policy_health_overviewB

Summarize recent Automox policy activity. status_breakdown counts RUNS by overall result; the 'no_success_or_failure' bucket means every device was pending/not_included/remediation_not_applicable (a benign no-op or still in progress), not an error.

policy_execution_timelineB

Review recent executions for a policy. Each execution's device_outcomes are device counts per outcome (not run statuses); a run with no successes or failures but pending/not_included/remediation_not_applicable completed as a benign no-op or is still in progress, not a failure.

policy_run_resultsB

Retrieve per-device results and output for a specific policy execution token. exit_code is the raw process exit code from the policy script (0 = success; negative values on Windows are NTSTATUS codes as signed 32-bit ints, e.g. -1073741502 = 0xC0000142); result_status is the lowercase per-device outcome string.

policy_catalogA

List Automox policies with type and status summaries. schedule_days is a bitmask (decoded alongside as schedule_days_decoded); schedule_time is a bare HH:MM string with no timezone marker — device-local vs. org time depends on policy configuration, so the timezone cannot be inferred from this field alone.

policy_detailB

Retrieve configuration and recent history for a policy.

policy_compliance_statsA

Retrieve per-policy compliance statistics for the organization. compliance_rate_percent is computed over evaluated devices (compliant + noncompliant) and is null when none have been evaluated; pending devices do not count against compliance and are reported separately via pending_devices / pending_rate_percent over all targeted devices.

patch_approvals_summaryA

Summarize patch approvals awaiting decision. Each approval covers one software package (title, software.version/os_family, CVE ids under cves) for a specific policy; manual_approval is true = approved, false = rejected, null = awaiting decision. The upstream record has no severity field, so severity_breakdown buckets approvals without one as 'unspecified' — use the CVE ids to judge urgency.

preview_policy_device_filtersA

Dry-run: preview which devices a policy's targeting would resolve to, before creating or updating the policy. Read-only — nothing is created or changed. server_groups is REQUIRED when device_filters is provided (the upstream preview cannot evaluate a filter-only target): pass the groups the policy will be assigned to, and the device_filters clauses ({field, op, value}) are applied within that scope.

list_devices_for_policiesA

List the devices currently targeted by one or more policies (by policy UUID) — blast-radius assessment before executing or changing a policy. Read-only.

decide_patch_approvalB

Approve or reject an Automox patch approval request.

delete_policyB

Permanently delete an Automox policy by ID.

clone_policyA

Clone an existing Automox policy. By default creates an in-org copy with an optional new name and server group assignments. Pass target_zone_ids to instead clone a patch policy into one or more zones/orgs in a single server-side call (patch policies only; mutually exclusive with name/server_groups).

apply_policy_changesC

Create or update Automox policies with automatic format correction.

execute_policy_nowB

Execute an Automox policy immediately for remediation (all devices or specific device).

policy_runs_v2A

List policy runs with time-range filtering, policy name/type filters, and result status filtering. Uses the Policy History v2 API for richer data than the standard policy execution timeline. Each run's device_outcomes (pending/success/failed/not_included/remediation_not_applicable/blocked) are DEVICE COUNTS per outcome for that run, not run statuses. result_status filters with any-device-with-this-outcome semantics: a run matches when AT LEAST ONE device had that outcome — it does NOT mean every device did (live-verified 2026-06-05: result_status='failed' returns runs with 1 failed device alongside 200+ not-failed). The same run can match multiple result_status values.

policy_run_countA

Get aggregate policy execution counts. Optionally filter by number of days to look back.

policy_runs_by_policyA

Get policy runs grouped by policy for cross-policy comparison. Shows which policies have been running and their aggregate results.

policy_history_detailB

Get policy history details by UUID, including run history and status. Each run's device_outcomes are device counts per outcome, not run statuses.

policy_runs_for_policyA

Get execution runs for a specific policy by UUID. Optionally filter by number of days and sort order. Each run's device_outcomes are device counts per outcome, not run statuses.

policy_execution_countsA

List fleet-wide policy execution counts over a time window: one row per policy with its run count, in a single round-trip. Answers 'which policies ran most last quarter?' without per-policy calls or client-side aggregation. Distinct from policy_run_count (single aggregate) and policy_runs_for_policy (per-run records for one policy).

policy_run_detail_v2A

Get detailed per-device results for a specific policy run. Uses UUID-based queries and supports device name filtering. exit_code is the raw process exit code from the policy script (0 = success; negative values on Windows are NTSTATUS codes as signed 32-bit ints); result_status is the lowercase per-device outcome (e.g. success, failed).

invite_user_to_accountC

Invite a user to the Automox account with optional zone assignments.

remove_user_from_accountB

Remove a user from the Automox account by UUID.

list_org_api_keysA

List API keys for the Automox organization. Returns key metadata (name, enabled, expiry) only — secrets are never exposed.

list_organizationsA

List organizations visible to the API key, with device count, device limit, parent org, and trial end time. Useful for MSP/multi-org navigation, capacity posture, and trial warnings. A tier slug may be present per spec but has no defined feature ordering and is absent on some tenants — do not infer a paid-plan or capability ranking from it.

list_usersA

List users in the organization with name, email, and RBAC roles. Secrets (e.g. intercom_hmac) are never surfaced.

get_userA

Get a single user by numeric ID, including org/server-group membership and RBAC roles. Secrets are never surfaced.

get_accountB

Get Automox account detail (id, name, type, timestamps).

list_account_rbac_rolesB

List the RBAC roles available in the Automox account.

get_account_userA

Get an account-scoped user record by UUID: status, account RBAC role, verification, and 2FA type. two_factor_authentication carries the literal string 'disabled' when 2FA is OFF (do NOT read it as a configured type); a null/absent value is ambiguous (may mean disabled or not-reported) — see metadata.field_notes.

list_zones_for_userB

List the zones (organizations) a given user belongs to.

list_zonesB

List the zones (organizations) in the Automox account.

get_zoneA

Get a single zone (organization) by UUID. The zone access_key is never surfaced.

list_zone_usersC

List the users assigned to a given zone (by zone UUID).

list_user_api_keysA

List a user's API keys by user ID. Returns key metadata (name, enabled, expiry) only — secrets are never exposed.

get_user_api_keyA

Get one user API key by user ID and key ID. Returns metadata only — the secret is never exposed.

list_global_api_keysA

List global (account-scoped) API keys. Returns key metadata (name, enabled, expiry) only — secrets are never exposed.

create_zoneB

Create a new zone (organization) in the account. The zone access_key is never surfaced.

update_userA

Update a user's profile fields (firstname, lastname, email, tfa_type) by user ID. Passwords cannot be set through this tool.

create_user_api_keyA

Create an API key for a user. Returns metadata only — the key secret is never surfaced and cannot be retrieved via MCP.

update_user_api_keyB

Enable or disable a user API key by user ID and key ID.

delete_user_api_keyA

Permanently delete a user API key by user ID and key ID.

create_global_api_keyA

Create a global (account-scoped) API key. Returns metadata only — the key secret is never surfaced and cannot be retrieved via MCP.

update_global_api_keyA

Enable or disable a global (account-scoped) API key by ID.

delete_global_api_keyA

Permanently delete a global (account-scoped) API key by ID.

list_server_groupsB

List all Automox server groups with their device counts and assigned policies. refresh_interval is the agent check-in/scan cadence in minutes (live-verified; spec range 240-1440) — see metadata.field_notes.

get_server_groupA

Get detailed information about a specific Automox server group. refresh_interval is the agent check-in/scan cadence in minutes (live-verified; spec range 240-1440) — see metadata.field_notes.

create_server_groupC

Create a new Automox server group. refresh_interval is the agent check-in/scan cadence in minutes (live-verified; spec range 240-1440).

update_server_groupB

Update an existing Automox server group. refresh_interval is the agent check-in/scan cadence in minutes (live-verified; spec range 240-1440).

delete_server_groupB

Delete an Automox server group permanently.

list_eventsA

List Automox organization events with optional filters by policy, device, user, event name, or date range. For policy/patch events, data.status is the raw process exit code (arrives as string or int): '0' = success; negative values on Windows are NTSTATUS codes as signed 32-bit ints (e.g. '-1073741502' = 0xC0000142).

prepatch_reportA

Retrieve the Automox pre-patch readiness report showing devices with pending patches before the next scheduled patch window. Per-device 'highest_severity' distinguishes 'no_known_cves' (patches carry no associated CVE — benign) from 'unknown' (severity undetermined). 'compliant' follows the platform rule: a device is non-compliant only when a policy needs remediation; pending work alone does not count against it.

noncompliant_reportA

Retrieve the Automox non-compliant devices report showing devices that need attention due to policy failures or missing patches. Each failing policy includes 'reason_for_fail' (upstream failure text, may be truncated), 'severity', and 'type' so you can state why a device is non-compliant and prioritize across devices.

list_device_packagesA

List software packages on a specific Automox device. Returns package name, version, installed (boolean install state), repo, is_managed, and severity. There is no patch-status field in the response; install state comes from the installed boolean. severity is one of critical/high/medium/low/no_known_cves or JSON null (live-verified); none/unknown exist per spec but were not observed live. JSON null means no severity assessment was recorded (not a safety claim); no_known_cves means scanned with no known CVEs. See metadata.field_notes.severity. By default returns the complete package set (auto-paginated), so it is reliable for 'is package X installed?' checks. Pass an explicit page to fetch a single page instead.

search_org_packagesA

Search software packages across the Automox organization. Filter by managed status (include_unmanaged) or install state (awaiting: true = available but not installed, false = already installed -- per spec; note this is inverted from a naive reading of the word). awaiting is a request filter only, NOT a field in the response. Returns package name, version, is_managed, and severity. severity vocabulary is the same as list_device_packages: critical/high/medium/low/no_known_cves or JSON null observed live, with none/unknown present in the spec enum but unobserved. See metadata.field_notes.severity. The endpoint returns a bare list with no total, so returned_package_count is the count of packages on THIS page only (NOT a fleet-wide org total); when metadata.pagination.has_more is true, increment page to enumerate the rest.

list_webhook_event_typesA

List all available Automox webhook event types with descriptions. Use this to see which events can trigger webhook deliveries.

list_webhooksB

List all webhook subscriptions for the Automox organization. Supports cursor-based pagination.

get_webhookB

Retrieve details for a specific Automox webhook subscription.

list_webhook_deliveriesA

List recent delivery attempts (status, latency, error) for a webhook -- delivery troubleshooting. Results are newest-first and cursor-paginated; optional startDate/endDate filters.

create_webhookA

Create a new Automox webhook subscription. The response includes a signing secret that is ONLY shown once — save it immediately. Max 5 webhooks per organization. URL must be HTTPS.

update_webhookA

Update an existing Automox webhook. Only provided fields are changed (partial update). Can update name, URL, enabled status, or event types.

delete_webhookA

Delete an Automox webhook subscription permanently.

test_webhookA

Send a test delivery to an Automox webhook endpoint. Returns success status, HTTP status code, and response time.

rotate_webhook_secretA

Rotate the signing secret for an Automox webhook. The old secret is immediately invalidated. Save the new secret — it is only shown once.

search_worklet_catalogA

Search the Automox community worklet catalog. Returns worklet names, descriptions, categories, OS compatibility, and trust/availability signals (verified boolean, access tier such as premium, license_required). Catalog items have no status field. Use to discover pre-built evaluation and remediation scripts.

get_worklet_detailA

Get detailed information for a specific community worklet, including evaluation code, remediation code, and requirements.

list_data_extractsB

List data extract jobs for the Automox organization. Returns each job's id, type (e.g. patch-history | api-activity), status, the is_completed readiness boolean, and whether a download link is available (has_download_url).

get_data_extractB

Get details for a data extract job. Returns status (per spec enum: queued | running | complete | failed | canceled | expired) and the is_completed boolean (use this for readiness). download_expires_at is the link-expiry timestamp; has_download_url=true means the CSV is currently downloadable. The presigned download URL itself is not returned to the model — retrieve it from the Automox console.

create_data_extractB

Request a new data extract for bulk reporting. Returns the extract ID and initial status.

list_remediation_action_setsB

List vulnerability remediation action sets for the organization. Shows imported vulnerability data and remediation tracking.

Prompts

Interactive templates invoked by user choice

NameDescription
investigate_noncompliant_deviceGuided workflow to investigate why a device is non-compliant and remediate it.
prepare_patch_tuesdayGuided workflow to assess readiness and prepare for Microsoft Patch Tuesday.
audit_policy_executionGuided workflow to audit a policy's execution history and identify issues.
onboard_device_groupGuided workflow to create and configure a new device group with policies.
triage_failed_policy_runGuided workflow to triage and remediate a failed policy execution.
review_security_postureGuided workflow to review and assess the organization's fleet security posture.

Resources

Contextual data attached and managed by the client

NameDescription
Policy Quick Start TemplatesCopy-paste templates for creating common policy types
Policy Schema ReferenceComplete Automox policy schema with required fields, examples, and best practices
Policy Schedule SyntaxDetailed guide for Automox policy scheduling syntax and bitmask calculations
Server Groups MappingList of all Automox server groups with ID to name mappings
Webhook Event TypesComplete list of all 39 Automox webhook event types with categories and descriptions. Use this to see which events can trigger webhook deliveries when creating or updating webhook subscriptions.
Device Filter SyntaxReference for Automox device filtering syntax used in search_devices and policy device_filters. Includes field names, operators, and examples.
Patch Classification CategoriesMapping of Automox patch classification categories, severity levels, and patch_rule options used in policy configuration.
Supported Operating SystemsMatrix of operating systems supported by the Automox agent, including OS families and version details.
API Rate Limiting GuideRate limiting behavior for the Automox API and the MCP server's built-in rate limiter. Useful for understanding throttling behavior.
automox_triage_appRead-only MCP App UI for the non-compliant triage surface, rendered inline by Apps-capable hosts as the interactive view for get_compliance_snapshot.
automox_patch_approval_appMCP App UI for reviewing and approving/rejecting pending Automox patch approvals inline, the review surface for patch_approvals_summary.
automox_policy_blast_radius_appMCP App UI for reviewing a proposed policy change and its affected-device scope (blast radius) before applying — the review surface for apply_policy_changes (preview mode).
automox_remediation_apply_appMCP App UI for reviewing an action set's remediation solutions and the devices they target before applying patch-now — the review/confirmation surface for the gated apply_remediation_actions.
automox_access_certification_appMCP App UI for reviewing account users, their RBAC roles, and 2FA status and certifying/flagging access inline (read-first; certification writes nothing) — the review surface for list_users.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/AutomoxCommunity/automox-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server