Critical-risk tools in SharePoint Online MCP Server

Critical severity SharePoint Online MCP Server MCP Server 13 of 56 tools

13 of the 56 tools in SharePoint Online MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

batchDeleteListItems Destructive

Delete multiple items from a SharePoint list using a single batch request
deleteList Destructive

Delete a SharePoint list or document library
deleteListContentType Destructive

Delete a content type from a SharePoint list
deleteListField Destructive

Delete a field (column) from a SharePoint list
deleteListItem Destructive

Delete an item from a SharePoint list
deleteListView Destructive

Delete a view from a SharePoint list
deleteModernPage Destructive

Delete a modern page from SharePoint
deleteNavigationLink Destructive

Delete a navigation link from a SharePoint site (global or quick navigation)
deleteSiteContentType Destructive

Delete a content type from a SharePoint site
deleteSubsite Destructive

Delete a SharePoint subsite
removeAllViewFields Destructive

Remove all fields from a SharePoint list view
removeGroupMember Destructive

Remove a user from a SharePoint group
removeViewField Destructive

Remove a field from a SharePoint list view

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in SharePoint Online MCP Server

Tools at critical risk

Attacks that target this class

More on SharePoint Online MCP Server

Enforce policy on every SharePoint Online MCP Server tool call.