High-risk tools in Microsoft 365 Core MCP Server
8 of the 62 tools in Microsoft 365 Core MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
call_microsoft_apiExecuteMake direct calls to any Microsoft Graph or Azure Resource Management API endpoint with full control over HTTP methods and parameters.
-
Dynamicendpoint_automation_assistantExecuteActs as a versatile assistant to call any Microsoft Graph or Azure Resource Management API endpoint. Use this for managing users, groups, applications, devices, policies (Condit...
-
execute_graph_batchExecuteExecute multiple Microsoft Graph API requests in a single batch operation for improved performance and efficiency.
-
execute_graph_searchExecuteExecute advanced search queries across Microsoft 365 content including emails, files, messages, and calendar events.
-
manage_alertsExecuteManage security alerts from Microsoft Defender and other security products including investigation and remediation.
-
manage_intune_macos_devicesExecuteManage macOS devices in Intune including enrollment, compliance policies, device actions, and inventory management.
-
manage_intune_windows_devicesExecuteManage Windows devices in Intune including enrollment, autopilot deployment, device actions, and health monitoring.
-
oauth_authorizeExecuteManage OAuth 2.0 authorization for user-delegated access to OneDrive and SharePoint files with secure token handling.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.