High-risk tools in Response MCP Server
10 of the 23 tools in Response MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
force_ad_password_resetExecuteForce an Active Directory user to change their password at next logon through Microsoft Defender for Identity. Use for credential theft scenarios (e.g., Mimikatz detection). Not...
-
remove_code_restrictionExecuteRemove code execution restrictions from a device, allowing all applications to run again.
-
revoke_entra_sessionsExecuteRevoke all Entra ID (Azure AD) sign-in sessions and refresh tokens for a user. Forces re-authentication on all devices and applications. Use when credentials are compromised or ...
-
run_antivirus_scanExecuteInitiate a Microsoft Defender Antivirus scan on a device. Quick scan checks common malware locations, Full scan checks entire disk.
-
stop_and_quarantineExecuteStop a running process and quarantine the associated file on a device. Requires the SHA1 hash of the file.
-
isolate_multipleExecuteIsolate multiple devices from the network in a single operation. Provide a comma-separated list of device names.
-
collect_investigation_packageExecuteCollect a forensic investigation package from a device containing system information, logs, and diagnostic data. Requires MCP.Admin role.
-
isolate_deviceExecuteIsolate a device from the network to prevent lateral movement. Use Full isolation to block all connections, or Selective to allow Outlook/Teams/Skype.
-
release_deviceExecuteRelease a previously isolated device from network isolation, restoring full connectivity.
-
restrict_code_executionExecuteRestrict code execution on a device to only allow Microsoft-signed applications.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.