block_high_risk_signins
Prevent unauthorized access by blocking sign-ins flagged as high risk. This tool enforces security policies to protect Microsoft 365 cloud services from potential threats.
Instructions
Block sign-ins detected as high risk (MS.AAD.2.3v1)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- cisa-m365/src/index.ts:456-493 (handler)The handler function that executes the tool logic: creates a Conditional Access Policy to block high-risk sign-ins using Microsoft Graph API.
private async blockHighRiskSignins() { try { // Configure sign-in risk policy using Microsoft Graph API await this.graphClient .api('/policies/conditionalAccessPolicies') .post({ displayName: 'Block High Risk Sign-ins', state: 'enabled', conditions: { signInRiskLevels: ['high'], applications: { includeApplications: ['all'], }, users: { includeUsers: ['all'], }, }, grantControls: { operator: 'OR', builtInControls: ['block'], }, }); return { content: [ { type: 'text', text: 'High-risk sign-ins blocked successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to block high-risk sign-ins: ${error instanceof Error ? error.message : 'Unknown error'}` ); } } - cisa-m365/src/index.ts:136-143 (registration)Registration of the 'block_high_risk_signins' tool in the MCP server's tool list, including name, description, and input schema.
{ name: 'block_high_risk_signins', description: 'Block sign-ins detected as high risk (MS.AAD.2.3v1)', inputSchema: { type: 'object', properties: {}, }, }, - cisa-m365/src/index.ts:139-142 (schema)Input schema definition for the tool (empty object, no parameters required).
inputSchema: { type: 'object', properties: {}, }, - cisa-m365/src/index.ts:327-328 (handler)Dispatch case in the CallToolRequest handler that routes to the blockHighRiskSignins method.
case 'block_high_risk_signins': return await this.blockHighRiskSignins();