CISA M365 MCP Server

What is this MCP

This MCP server implements CISA Binding Operational Directive 25-01 security controls for Microsoft 365 (Azure AD/Entra ID). It provides tools for configuring and managing Microsoft 365 security settings to meet federal compliance requirements.

How to use this MCP

The MCP can be installed via Smithery or manually configured with Azure AD application credentials. It exposes tools like block_legacy_auth and enforce_phishing_resistant_mfa that can be called via the MCP protocol to manage security policies.

What this MCP can be used for

This MCP is designed for organizations needing to comply with CISA BOD 25-01 requirements. It can be used to block legacy authentication, enforce MFA, manage privileged roles, configure application controls, and monitor compliance across Microsoft 365 environments.