BOD-25-01-CSA-Microsoft-Policy-MCP
Server Configuration
Describes the environment variables required to run the server.
Name | Required | Description | Default |
---|---|---|---|
CLIENT_ID | Yes | Your Azure AD application client ID | |
TENANT_ID | Yes | Your Azure AD tenant ID | |
CLIENT_SECRET | Yes | Your Azure AD application client secret | |
Schema
Prompts
Interactive templates invoked by user choice
Name | Description |
---|---|
No prompts |
Resources
Contextual data attached and managed by the client
Name | Description |
---|---|
No resources |
Tools
Functions exposed to the LLM to take actions
Name | Description |
---|---|
block_legacy_auth | Block legacy authentication (MS.AAD.1.1v1) |
block_high_risk_users | Block users detected as high risk (MS.AAD.2.1v1) |
block_high_risk_signins | Block sign-ins detected as high risk (MS.AAD.2.3v1) |
enforce_phishing_resistant_mfa | Enforce phishing-resistant MFA for all users (MS.AAD.3.1v1) |
enforce_alternative_mfa | Enforce alternative MFA method if phishing-resistant MFA not enforced (MS.AAD.3.2v1) |
configure_authenticator_context | Configure Microsoft Authenticator to show login context (MS.AAD.3.3v1) |
complete_auth_methods_migration | Set Authentication Methods Manage Migration to Complete (MS.AAD.3.4v1) |
enforce_privileged_mfa | Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1) |
restrict_app_registration | Allow only administrators to register applications (MS.AAD.5.1v1) |
restrict_app_consent | Allow only administrators to consent to applications (MS.AAD.5.2v1) |
configure_admin_consent | Configure admin consent workflow for applications (MS.AAD.5.3v1) |
restrict_group_consent | Prevent group owners from consenting to applications (MS.AAD.5.4v1) |
disable_password_expiry | Disable password expiration (MS.AAD.6.1v1) |
configure_global_admins | Configure Global Administrator role assignments (MS.AAD.7.1v1) |
enforce_granular_roles | Enforce use of granular roles instead of Global Administrator (MS.AAD.7.2v1) |
enforce_cloud_accounts | Enforce cloud-only accounts for privileged users (MS.AAD.7.3v1) |
enforce_pam | Enforce PAM system for privileged role assignments (MS.AAD.7.5v1) |
configure_global_admin_approval | Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1) |
configure_role_alerts | Configure alerts for privileged role assignments (MS.AAD.7.7v1) |
configure_admin_alerts | Configure alerts for Global Administrator activation (MS.AAD.7.8v1) |
get_policy_status | Get current status of all CISA M365 security policies |