tools: - name: block_legacy_auth description: Block legacy authentication (MS.AAD.1.1v1) inputSchema: type: object properties: {} - name: block_high_risk_users description: Block users detected as high risk (MS.AAD.2.1v1) inputSchema: type: object properties: {} - name: block_high_risk_signins description: Block sign-ins detected as high risk (MS.AAD.2.3v1) inputSchema: type: object properties: {} - name: enforce_phishing_resistant_mfa description: Enforce phishing-resistant MFA for all users (MS.AAD.3.1v1) inputSchema: type: object properties: {} - name: enforce_alternative_mfa description: Enforce alternative MFA method if phishing-resistant MFA not enforced (MS.AAD.3.2v1) inputSchema: type: object properties: {} - name: configure_authenticator_context description: Configure Microsoft Authenticator to show login context (MS.AAD.3.3v1) inputSchema: type: object properties: {} - name: complete_auth_methods_migration description: Set Authentication Methods Manage Migration to Complete (MS.AAD.3.4v1) inputSchema: type: object properties: {} - name: enforce_privileged_mfa description: Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1) inputSchema: type: object properties: {} - name: restrict_app_registration description: Allow only administrators to register applications (MS.AAD.5.1v1) inputSchema: type: object properties: {} - name: restrict_app_consent description: Allow only administrators to consent to applications (MS.AAD.5.2v1) inputSchema: type: object properties: {} - name: configure_admin_consent description: Configure admin consent workflow for applications (MS.AAD.5.3v1) inputSchema: type: object properties: {} - name: restrict_group_consent description: Prevent group owners from consenting to applications (MS.AAD.5.4v1) inputSchema: type: object properties: {} - name: disable_password_expiry description: Disable password expiration (MS.AAD.6.1v1) inputSchema: type: object properties: {} - name: configure_global_admins description: Configure Global Administrator role assignments (MS.AAD.7.1v1) inputSchema: type: object required: - userIds properties: userIds: type: array items: type: string maxItems: 8 minItems: 2 description: List of user IDs to assign Global Administrator role - name: enforce_granular_roles description: Enforce use of granular roles instead of Global Administrator (MS.AAD.7.2v1) inputSchema: type: object properties: {} - name: enforce_cloud_accounts description: Enforce cloud-only accounts for privileged users (MS.AAD.7.3v1) inputSchema: type: object properties: {} - name: enforce_pam description: Enforce PAM system for privileged role assignments (MS.AAD.7.5v1) inputSchema: type: object properties: {} - name: configure_global_admin_approval description: Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1) inputSchema: type: object properties: {} - name: configure_role_alerts description: Configure alerts for privileged role assignments (MS.AAD.7.7v1) inputSchema: type: object required: - notificationEmails properties: notificationEmails: type: array items: type: string description: Email addresses to notify on role assignments - name: configure_admin_alerts description: Configure alerts for Global Administrator activation (MS.AAD.7.8v1) inputSchema: type: object required: - notificationEmails properties: notificationEmails: type: array items: type: string description: Email addresses to notify on role activation - name: get_policy_status description: Get current status of all CISA M365 security policies inputSchema: type: object properties: {}