BOD-25-01-CSA-Microsoft-Policy-MCP
BOD 25-01: Implementing Secure Practices for Cloud Services Required Configurations MCP - DynamicEndpoints/Automated-BOD-25-01-CISA-Microsoft-Policies-MCP
DynamicEndpoints
README
CISA M365 MCP Server
A Model Context Protocol (MCP) server implementing CISA Binding Operational Directive 25-01 security controls for Microsoft 365 (Azure AD/Entra ID).
Table of Contents
- Overview
- Security Controls
- Architecture
- Prerequisites
- Installation
- Configuration
- Usage
- API Reference
- Error Handling
- Testing
- Security Considerations
- Contributing
- License
Overview
This MCP server provides tools for configuring and managing Microsoft 365 security settings in accordance with BOD 25-01 requirements. It integrates with Microsoft Graph API to enforce security controls, monitor compliance, and provide detailed reporting.
Key Features
- Legacy authentication controls
- Risk-based access controls
- Multi-factor authentication management
- Application registration and consent controls
- Password policy management
- Privileged role management
- Cloud-only account enforcement
- PAM system integration
- Comprehensive compliance reporting
- Token-based authentication
- Type-safe argument validation
- Detailed error handling and logging
Security Controls
MS.AAD.1.1v1
Due Date: 06/20/2025
Block legacy authentication:
- Disables legacy authentication protocols
- Reduces attack surface
- Improves security posture
Implementation details:
await graphClient .api('/policies/authenticationMethodsPolicy') .patch({ allowLegacyAuthentication: false, blockLegacyAuthenticationMethods: true, });
MS.AAD.2.1v1 & MS.AAD.2.3v1
Due Date: 06/20/2025
Block high-risk users and sign-ins:
- Blocks users detected as high risk
- Blocks sign-ins detected as high risk
- Leverages Microsoft's threat intelligence
Implementation details:
await graphClient .api('/policies/identitySecurityDefaultsEnforcementPolicy') .patch({ blockHighRiskUsers: true, riskLevelForBlocking: 'high', });
MS.AAD.3.1v1, MS.AAD.3.2v1, MS.AAD.3.3v1
Due Date: 06/20/2025
MFA configuration:
- Enforces phishing-resistant MFA
- Configures alternative MFA methods
- Shows login context in Microsoft Authenticator
Implementation details:
await graphClient .api('/policies/authenticationMethodsPolicy') .patch({ policies: { fido2: { isEnabled: true, isSelfServiceRegistrationAllowed: true, }, windowsHelloForBusiness: { isEnabled: true, isSelfServiceRegistrationAllowed: true, }, }, });
MS.AAD.5.1v1, MS.AAD.5.2v1, MS.AAD.5.3v1, MS.AAD.5.4v1
Due Date: 06/20/2025
Application controls:
- Restricts app registration to admins
- Restricts app consent to admins
- Configures admin consent workflow
- Blocks group owner consent
Implementation details:
await graphClient .api('/policies/applicationRegistrationManagement') .patch({ restrictAppRegistration: true, restrictNonAdminUsers: true, });
MS.AAD.6.1v1
Due Date: 06/20/2025
Password policy:
- Disables password expiration
- Follows modern security best practices
Implementation details:
await graphClient .api('/policies/passwordPolicy') .patch({ passwordExpirationPolicy: { passwordExpirationDays: 0, neverExpire: true, }, });
MS.AAD.7.1v1 through MS.AAD.7.8v1
Due Date: 06/20/2025
Privileged role management:
- Limits Global Administrator count
- Enforces granular roles
- Requires cloud-only accounts
- Enforces PAM system usage
- Configures approval workflows
- Sets up alerting
Implementation details:
await graphClient .api('/policies/roleManagementPolicies') .patch({ enforceGranularRoles: true, blockGlobalAdminForGeneralUse: true, requireApprovalForGlobalAdmin: true, });
Architecture
Components
-
Server Class
- Handles MCP protocol implementation
- Manages tool registration and execution
- Implements error handling and logging
-
Authentication
- Token-based authentication with Microsoft Graph API
- Automatic token refresh
- Secure credential management
-
Graph Client
- Wrapper around Microsoft Graph API
- Type-safe request/response handling
- Retry logic and error handling
-
Tools
- Legacy authentication control
- Risk-based access management
- MFA configuration
- Application control
- Password policy management
- Role management
- Alert configuration
- Policy status reporting
Data Flow
graph TD A[MCP Client] -->|Request| B[MCP Server] B -->|Authentication| C[Token Manager] C -->|Access Token| D[Graph Client] D -->|API Calls| E[Microsoft Graph] E -->|Response| D D -->|Results| B B -->|Response| A
Prerequisites
- Node.js 18.x or higher
- Microsoft 365 tenant with admin access
- Azure AD application with required permissions:
- Policy.ReadWrite.All
- RoleManagement.ReadWrite.All
- User.Read.All
- Application.ReadWrite.All
Installation
- Clone the repository:
git clone https://github.com/DynamicEndpoints/BOD-25-01-CSA-MCP.git cd cisa-m365
-
Install dependencies:
-
Build the server:
Configuration
-
Create Azure AD application:
- Navigate to Azure Portal > Azure Active Directory
- Register a new application
- Add required API permissions
- Create a client secret
-
Configure environment variables:
Edit .env file:
TENANT_ID=your-tenant-id CLIENT_ID=your-client-id CLIENT_SECRET=your-client-secret
- Configure MCP settings:
{ "mcpServers": { "cisa-m365": { "command": "node", "args": ["path/to/cisa-m365/build/index.js"], "env": { "TENANT_ID": "your-tenant-id", "CLIENT_ID": "your-client-id", "CLIENT_SECRET": "your-client-secret" } } } }
Usage
Available Tools
block_legacy_auth
Block legacy authentication methods.
block_high_risk_users
Block users detected as high risk.
enforce_phishing_resistant_mfa
Enforce phishing-resistant MFA for all users.
configure_global_admins
Configure Global Administrator role assignments.
{ "userIds": ["user1-id", "user2-id"] }
get_policy_status
Get current status of all security policies.
Example Usage
// Block legacy authentication const result = await client.callTool('block_legacy_auth', {});
// Get policy status const status = await client.callTool('get_policy_status', {});
API Reference
Policy Settings API
interface PolicySettings { legacyAuthentication: { blocked: boolean; compliant: boolean; }; highRiskUsers: { blocked: boolean; compliant: boolean; }; mfa: { phishingResistant: boolean; alternativeEnabled: boolean; compliant: boolean; }; applications: { registrationRestricted: boolean; consentRestricted: boolean; compliant: boolean; }; passwords: { expirationDisabled: boolean; compliant: boolean; }; roles: { globalAdminCount: number; granularRolesEnforced: boolean; pamEnforced: boolean; compliant: boolean; }; }
Error Handling
The server implements comprehensive error handling:
-
Authentication Errors
- Token acquisition failures
- Permission issues
- Tenant configuration problems
-
API Errors
- Graph API request failures
- Rate limiting
- Service unavailability
-
Validation Errors
- Invalid arguments
- Missing required parameters
- Type mismatches
-
Runtime Errors
- Network issues
- Timeout problems
- Resource constraints
Example error response:
{ "error": { "code": "InvalidParams", "message": "Invalid role assignment arguments", "details": { "parameter": "userIds", "constraint": "Must have between 2 and 8 users", "received": "1 user" } } }
Testing
-
Run unit tests:
-
Run integration tests:
-
Run compliance tests:
Security Considerations
-
Authentication
- Use secure token storage
- Implement token rotation
- Monitor for suspicious activity
-
API Access
- Follow least privilege principle
- Regular permission audits
- Monitor API usage
-
Data Protection
- No sensitive data logging
- Secure configuration storage
- Regular security scans
-
Compliance
- Regular compliance checks
- Automated policy verification
- Audit logging
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests
- Submit a pull request
Guidelines:
- Follow existing code style
- Add tests for new features
- Update documentation
- Keep commits atomic
License
MIT
Recommended Servers
Claude Code MCP
An implementation of Claude Code as a Model Context Protocol server that enables using Claude's software engineering capabilities (code generation, editing, reviewing, and file operations) through the standardized MCP interface.
contentful-mcp
Update, create, delete content, content-models and assets in your Contentful Space
Supabase MCP Server
A Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.
@kazuph/mcp-gmail-gas
Model Context Protocol server for Gmail integration. This allows Claude Desktop (or any MCP client) to interact with your Gmail account through Google Apps Script.
Metabase MCP Server
Enables AI assistants to interact with Metabase databases and dashboards, allowing users to list and execute queries, access data visualizations, and interact with database resources through natural language.
Linear MCP Server
A Model Context Protocol server that integrates with Linear's issue tracking system, allowing LLMs to create, update, search, and comment on Linear issues through natural language interactions.
Airtable MCP Server
A Model Context Protocol server that provides tools for programmatically managing Airtable bases, tables, fields, and records through Claude Desktop or other MCP clients.
Azure MCP Server
Enables natural language interaction with Azure services through Claude Desktop, supporting resource management, subscription handling, and tenant selection with secure authentication.
SettleMint
Leverage SettleMint's Model Context Protocol server to seamlessly interact with enterprise blockchain infrastructure. Build, deploy, and manage smart contracts through AI-powered assistants, streamlining your blockchain development workflow for maximum efficiency.
Brev
Run, build, train, and deploy ML models on the cloud.