smithery badge A Model Context Protocol (MCP) server implementing CISA Binding Operational Directive 25-01 security controls for Microsoft 365 (Azure AD/Entra ID).

Table of Contents

Overview

This MCP server provides tools for configuring and managing Microsoft 365 security settings in accordance with BOD 25-01 requirements. It integrates with Microsoft Graph API to enforce security controls, monitor compliance, and provide detailed reporting.

Key Features

  • Legacy authentication controls
  • Risk-based access controls
  • Multi-factor authentication management
  • Application registration and consent controls
  • Password policy management
  • Privileged role management
  • Cloud-only account enforcement
  • PAM system integration
  • Comprehensive compliance reporting
  • Token-based authentication
  • Type-safe argument validation
  • Detailed error handling and logging

Security Controls

MS.AAD.1.1v1

Due Date: 06/20/2025

Block legacy authentication: - Disables legacy authentication protocols - Reduces attack surface - Improves security posture

Implementation details: 

await graphClient
  .api('/policies/authenticationMethodsPolicy')
  .patch({
    allowLegacyAuthentication: false,
    blockLegacyAuthenticationMethods: true,
  });

MS.AAD.2.1v1 & MS.AAD.2.3v1

Due Date: 06/20/2025

Block high-risk users and sign-ins: - Blocks users detected as high risk - Blocks sign-ins detected as high risk - Leverages Microsoft's threat intelligence

Implementation details: 

await graphClient
  .api('/policies/identitySecurityDefaultsEnforcementPolicy')
  .patch({
    blockHighRiskUsers: true,
    riskLevelForBlocking: 'high',
  });

MS.AAD.3.1v1, MS.AAD.3.2v1, MS.AAD.3.3v1

Due Date: 06/20/2025

MFA configuration: - Enforces phishing-resistant MFA - Configures alternative MFA methods - Shows login context in Microsoft Authenticator

Implementation details: 

await graphClient
  .api('/policies/authenticationMethodsPolicy')
  .patch({
    policies: {
      fido2: {
        isEnabled: true,
        isSelfServiceRegistrationAllowed: true,
      },
      windowsHelloForBusiness: {
        isEnabled: true,
        isSelfServiceRegistrationAllowed: true,
      },
    },
  });

MS.AAD.5.1v1, MS.AAD.5.2v1, MS.AAD.5.3v1, MS.AAD.5.4v1

Due Date: 06/20/2025

Application controls: - Restricts app registration to admins - Restricts app consent to admins - Configures admin consent workflow - Blocks group owner consent

Implementation details: 

await graphClient
  .api('/policies/applicationRegistrationManagement')
  .patch({
    restrictAppRegistration: true,
    restrictNonAdminUsers: true,
  });

MS.AAD.6.1v1

Due Date: 06/20/2025

Password policy: - Disables password expiration - Follows modern security best practices

Implementation details: 

await graphClient
  .api('/policies/passwordPolicy')
  .patch({
    passwordExpirationPolicy: {
      passwordExpirationDays: 0,
      neverExpire: true,
    },
  });

MS.AAD.7.1v1 through MS.AAD.7.8v1

Due Date: 06/20/2025

Privileged role management: - Limits Global Administrator count - Enforces granular roles - Requires cloud-only accounts - Enforces PAM system usage - Configures approval workflows - Sets up alerting

Implementation details: 

await graphClient
  .api('/policies/roleManagementPolicies')
  .patch({
    enforceGranularRoles: true,
    blockGlobalAdminForGeneralUse: true,
    requireApprovalForGlobalAdmin: true,
  });

Architecture

Components

  1. Server Class
  2. Handles MCP protocol implementation
  3. Manages tool registration and execution

  4. Implements error handling and logging

  5. Authentication

  6. Token-based authentication with Microsoft Graph API
  7. Automatic token refresh

  8. Secure credential management

  9. Graph Client

  10. Wrapper around Microsoft Graph API
  11. Type-safe request/response handling

  12. Retry logic and error handling

  13. Tools

  14. Legacy authentication control
  15. Risk-based access management
  16. MFA configuration
  17. Application control
  18. Password policy management
  19. Role management
  20. Alert configuration
  21. Policy status reporting

Data Flow

graph TD
    A[MCP Client] -->|Request| B[MCP Server]
    B -->|Authentication| C[Token Manager]
    C -->|Access Token| D[Graph Client]
    D -->|API Calls| E[Microsoft Graph]
    E -->|Response| D
    D -->|Results| B
    B -->|Response| A

Prerequisites

  • Node.js 18.x or higher
  • Microsoft 365 tenant with admin access
  • Azure AD application with required permissions:
  • Policy.ReadWrite.All
  • RoleManagement.ReadWrite.All
  • User.Read.All
  • Application.ReadWrite.All

Installation

Installing via Smithery

To install CISA M365 MCP Server automatically via Smithery:

npx -y @smithery/cli install cisa-m365

You can also directly copy the MCP settings and definitions from Smithery Protocol Directory and add the MCP server to your Claude or LLM setup that supports MCP protocol.

  1. Clone the repository: 

    git clone https://github.com/DynamicEndpoints/BOD-25-01-CSA-MCP.git
cd cisa-m365

  2. Install dependencies: 

    npm install

  3. Build the server: 

    npm run build

Configuration

  1. Create Azure AD application:
  2. Navigate to Azure Portal > Azure Active Directory
  3. Register a new application
  4. Add required API permissions

  5. Create a client secret

  6. Configure environment variables: 

    cp .env.example .env

Edit .env file: 

TENANT_ID=your-tenant-id
CLIENT_ID=your-client-id
CLIENT_SECRET=your-client-secret

  1. Configure MCP settings:
{
  "mcpServers": {
    "cisa-m365": {
      "command": "node",
      "args": ["path/to/cisa-m365/build/index.js"],
      "env": {
        "TENANT_ID": "your-tenant-id",
        "CLIENT_ID": "your-client-id",
        "CLIENT_SECRET": "your-client-secret"
      }
    }
  }
}

Usage

Available Tools

block_legacy_auth

Block legacy authentication methods.

{}

block_high_risk_users

Block users detected as high risk.

{}

enforce_phishing_resistant_mfa

Enforce phishing-resistant MFA for all users.

{}

configure_global_admins

Configure Global Administrator role assignments.

{
  "userIds": ["user1-id", "user2-id"]
}

get_policy_status

Get current status of all security policies.

{}

Example Usage

// Block legacy authentication
const result = await client.callTool('block_legacy_auth', {});

// Get policy status
const status = await client.callTool('get_policy_status', {});

API Reference

Policy Settings API

interface PolicySettings {
  legacyAuthentication: {
    blocked: boolean;
    compliant: boolean;
  };
  highRiskUsers: {
    blocked: boolean;
    compliant: boolean;
  };
  mfa: {
    phishingResistant: boolean;
    alternativeEnabled: boolean;
    compliant: boolean;
  };
  applications: {
    registrationRestricted: boolean;
    consentRestricted: boolean;
    compliant: boolean;
  };
  passwords: {
    expirationDisabled: boolean;
    compliant: boolean;
  };
  roles: {
    globalAdminCount: number;
    granularRolesEnforced: boolean;
    pamEnforced: boolean;
    compliant: boolean;
  };
}

Error Handling

The server implements comprehensive error handling:

  1. Authentication Errors
  2. Token acquisition failures
  3. Permission issues

  4. Tenant configuration problems

  5. API Errors

  6. Graph API request failures
  7. Rate limiting

  8. Service unavailability

  9. Validation Errors

  10. Invalid arguments
  11. Missing required parameters

  12. Type mismatches

  13. Runtime Errors

  14. Network issues
  15. Timeout problems
  16. Resource constraints

Example error response: 

{
  "error": {
    "code": "InvalidParams",
    "message": "Invalid role assignment arguments",
    "details": {
      "parameter": "userIds",
      "constraint": "Must have between 2 and 8 users",
      "received": "1 user"
    }
  }
}

Testing

  1. Run unit tests: 

    npm test

  2. Run integration tests: 

    npm run test:integration

  3. Run compliance tests: 

    npm run test:compliance

Security Considerations

  1. Authentication
  2. Use secure token storage
  3. Implement token rotation

  4. Monitor for suspicious activity

  5. API Access

  6. Follow least privilege principle
  7. Regular permission audits

  8. Monitor API usage

  9. Data Protection

  10. No sensitive data logging
  11. Secure configuration storage

  12. Regular security scans

  13. Compliance

  14. Regular compliance checks
  15. Automated policy verification
  16. Audit logging

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests
  5. Submit a pull request

Guidelines: - Follow existing code style - Add tests for new features - Update documentation - Keep commits atomic

License

MIT

[
  {
    "description": "Block legacy authentication (MS.AAD.1.1v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "block_legacy_auth"
  },
  {
    "description": "Block users detected as high risk (MS.AAD.2.1v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "block_high_risk_users"
  },
  {
    "description": "Block sign-ins detected as high risk (MS.AAD.2.3v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "block_high_risk_signins"
  },
  {
    "description": "Enforce phishing-resistant MFA for all users (MS.AAD.3.1v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_phishing_resistant_mfa"
  },
  {
    "description": "Enforce alternative MFA method if phishing-resistant MFA not enforced (MS.AAD.3.2v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_alternative_mfa"
  },
  {
    "description": "Configure Microsoft Authenticator to show login context (MS.AAD.3.3v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "configure_authenticator_context"
  },
  {
    "description": "Set Authentication Methods Manage Migration to Complete (MS.AAD.3.4v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "complete_auth_methods_migration"
  },
  {
    "description": "Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_privileged_mfa"
  },
  {
    "description": "Allow only administrators to register applications (MS.AAD.5.1v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "restrict_app_registration"
  },
  {
    "description": "Allow only administrators to consent to applications (MS.AAD.5.2v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "restrict_app_consent"
  },
  {
    "description": "Configure admin consent workflow for applications (MS.AAD.5.3v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "configure_admin_consent"
  },
  {
    "description": "Prevent group owners from consenting to applications (MS.AAD.5.4v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "restrict_group_consent"
  },
  {
    "description": "Disable password expiration (MS.AAD.6.1v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "disable_password_expiry"
  },
  {
    "description": "Configure Global Administrator role assignments (MS.AAD.7.1v1)",
    "inputSchema": {
      "properties": {
        "userIds": {
          "description": "List of user IDs to assign Global Administrator role",
          "items": {
            "type": "string"
          },
          "maxItems": 8,
          "minItems": 2,
          "type": "array"
        }
      },
      "required": [
        "userIds"
      ],
      "type": "object"
    },
    "name": "configure_global_admins"
  },
  {
    "description": "Enforce use of granular roles instead of Global Administrator (MS.AAD.7.2v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_granular_roles"
  },
  {
    "description": "Enforce cloud-only accounts for privileged users (MS.AAD.7.3v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_cloud_accounts"
  },
  {
    "description": "Enforce PAM system for privileged role assignments (MS.AAD.7.5v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "enforce_pam"
  },
  {
    "description": "Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1)",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "configure_global_admin_approval"
  },
  {
    "description": "Configure alerts for privileged role assignments (MS.AAD.7.7v1)",
    "inputSchema": {
      "properties": {
        "notificationEmails": {
          "description": "Email addresses to notify on role assignments",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "required": [
        "notificationEmails"
      ],
      "type": "object"
    },
    "name": "configure_role_alerts"
  },
  {
    "description": "Configure alerts for Global Administrator activation (MS.AAD.7.8v1)",
    "inputSchema": {
      "properties": {
        "notificationEmails": {
          "description": "Email addresses to notify on role activation",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "required": [
        "notificationEmails"
      ],
      "type": "object"
    },
    "name": "configure_admin_alerts"
  },
  {
    "description": "Get current status of all CISA M365 security policies",
    "inputSchema": {
      "properties": {},
      "type": "object"
    },
    "name": "get_policy_status"
  }
]