nexus-mcp/archive/Identity/CoPilot Generated Deployment Plan.md

# Identity MCP – Deployment Plan

## Scope definition (what “Identity MCP” means here)

**Identity MCP** in your environment = an MCP server that exposes **Active Directory + Entra ID identity state and approved identity operations** to AI clients **without replacing existing IAM processes**.

**Authoritative systems remain unchanged**:

*   On‑prem Active Directory
*   Entra ID (Azure AD)
*   Microsoft 365 admin center
*   Service desk ticketing

MCP becomes a **governed interface**, not a new identity system.

***

## Phase 0 – Pre‑deployment alignment (required)

### Inputs already in your tenant

Your identity operations are well‑documented and standardized:

*   AD scripts and procedures for:
    *   Group membership
    *   VPN access
    *   Termination workflows [\[Active Directory \| OneNote\]](https://wheelsinc.sharepoint.com/sites/WheelsITServiceDesk/_layouts/15/Doc.aspx?action=edit&mobileredirect=true&wdorigin=Sharepoint&DefaultItemOpen=1&sourcedoc={04cb4993-3d7c-4785-b67f-6a6afefdcaa8}&wd=target(/PowerShell.one/)&wdpartid={4d895098-550e-0b0c-194c-af7c0195f51e}{1}&wdsectionfileid={7ffa6051-4ff6-4039-96a0-8533c34d8ade}), [\[Active Directory \| OneNote\]](https://wheelsinc.sharepoint.com/sites/WheelsITServiceDesk/_layouts/15/Doc.aspx?action=edit&mobileredirect=true&wdorigin=Sharepoint&DefaultItemOpen=1&sourcedoc={04cb4993-3d7c-4785-b67f-6a6afefdcaa8}&wd=target(/User Termination.one/)&wdpartid={b2ba40a3-f389-4021-9ec5-54268ce102ab}{1}&wdsectionfileid={33ca8871-68c7-4218-a016-fca812102c86})
*   New‑hire and onboarding SOPs with explicit AD and Entra steps [\[Onboarding...ount setup \| Word\]](https://wheelsinc.sharepoint.com/sites/WheelsITServiceDesk/_layouts/15/Doc.aspx?sourcedoc=%7B2594F0FC-A36C-40A2-A5E8-C227EE9ACC6F%7D&file=Onboarding%20Process%20-%20New%20account%20setup.docx&action=default&mobileredirect=true&DefaultItemOpen=1), [\[Latest Ser...ount setup \| Word\]](https://wheelsinc.sharepoint.com/sites/WheelsITDesksideServices/_layouts/15/Doc.aspx?sourcedoc=%7B8B3CF4B1-D9C1-4A6F-A5AA-99277B453783%7D&file=Latest%20Service%20Desk%20Documentation%20-%20New%20account%20setup.docx&action=default&mobileredirect=true&DefaultItemOpen=1)
*   Device and user setup SOPs that depend on identity state [\[Device Ima...Setup SoP \| Word\]](https://wheelsinc.sharepoint.com/sites/WheelsITDesksideServices/_layouts/15/Doc.aspx?sourcedoc=%7B8BF1A3D1-C48A-4921-86FD-6A00AC9FE198%7D&file=Device%20Image%20and%20Setup%20SoP.docx&action=default&mobileredirect=true&DefaultItemOpen=1), [\[IT-SOP-009...vice Setup \| PDF\]](https://wheelsinc.sharepoint.com/sites/WheelsITDesksideServices/Shared%20Documents/General/SOPs/IT-SOP-009%20New%20Device%20Setup.pdf?web=1)

### Deliverables

*   ✅ List of **approved identity operations**
*   ✅ Service account model
*   ✅ Read vs write separation

No MCP code is written until this is agreed.

***

## Phase 1 – Read‑only Identity MCP (foundation)

### Objective

Allow AI to **observe identity state safely**.

### MCP server capabilities (read‑only)

Expose **only** what your team already queries manually:

**Users**

*   Enabled / disabled
*   OU
*   Description (termination markers)
*   Last logon

**Groups**

*   Group membership for a user
*   Members of a group
*   VPN‑related group membership (already queried today) [\[Active Directory \| OneNote\]](https://wheelsinc.sharepoint.com/sites/WheelsITServiceDesk/_layouts/15/Doc.aspx?action=edit&mobileredirect=true&wdorigin=Sharepoint&DefaultItemOpen=1&sourcedoc={04cb4993-3d7c-4785-b67f-6a6afefdcaa8}&wd=target(/PowerShell.one/)&wdpartid={4d895098-550e-0b0c-194c-af7c0195f51e}{1}&wdsectionfileid={7ffa6051-4ff6-4039-96a0-8533c34d8ade})

**Computers**

*   Device accounts
*   OU placement

### Technical pattern

*   MCP server runs under **dedicated AD service account**
*   Permissions: *Read Directory Data only*
*   Each MCP tool maps **1:1 to an existing PowerShell query**

No abstraction magic. No new logic.

### Example MCP tools

    identity.getUser(username)
    identity.getUserGroups(username)
    identity.getGroupMembers(groupName)
    identity.findStaleUsers(days)
    identity.getComputer(computerName)

✅ **Outcome**  
AI can answer questions your team already investigates manually—without taking action.

***

## Phase 2 – Correlated identity insight

### Objective

Connect identity data to **device and process context**.

At this point, Identity MCP is used *together with*:

*   Intune MCP
*   Inventory MCP
*   Service Desk MCP (read‑only)

### Example queries unlocked

*   “Which users still have VPN access but are no longer active?”
*   “Which devices belong to disabled users but are still domain‑joined?”
*   “Which onboarding tickets are missing required group assignments?”

This directly supports SOP enforcement without automation.

✅ **Outcome**  
Identity becomes **context**, not just attributes.

***

## Phase 3 – Controlled write actions (SOP‑aligned)

### Objective

Introduce **safe, reversible identity actions** that already exist in SOPs.

### Allowed write actions (initial)

Based strictly on documented procedures:

*   Add/remove user from **non‑privileged groups**
*   Update user description fields (termination markers) [\[Active Directory \| OneNote\]](https://wheelsinc.sharepoint.com/sites/WheelsITServiceDesk/_layouts/15/Doc.aspx?action=edit&mobileredirect=true&wdorigin=Sharepoint&DefaultItemOpen=1&sourcedoc={04cb4993-3d7c-4785-b67f-6a6afefdcaa8}&wd=target(/User Termination.one/)&wdpartid={b2ba40a3-f389-4021-9ec5-54268ce102ab}{1}&wdsectionfileid={33ca8871-68c7-4218-a016-fca812102c86})
*   Move users or computers between **approved OUs**

🚫 Explicitly excluded initially:

*   Account deletion
*   Privileged group changes
*   Password resets
*   MFA changes

### Guardrail model

1.  AI proposes action
2.  Human approves
3.  MCP executes
4.  Result logged (ticket or audit log)

No silent execution.

✅ **Outcome**  
AI assists identity work **without becoming an identity admin**.

***

## Phase 4 – Identity MCP + Service Desk coupling

### Objective

Tie identity state to **work tracking and compliance**.

Your SOPs already require ticket updates and closure steps. [\[Latest Ser...ount setup \| Word\]](https://wheelsinc.sharepoint.com/sites/WheelsITDesksideServices/_layouts/15/Doc.aspx?sourcedoc=%7B8B3CF4B1-D9C1-4A6F-A5AA-99277B453783%7D&file=Latest%20Service%20Desk%20Documentation%20-%20New%20account%20setup.docx&action=default&mobileredirect=true&DefaultItemOpen=1)

### MCP enables

*   Linking identity actions to tickets automatically
*   Preventing “work done, ticket forgotten”
*   Auditable identity changes tied to request origin

✅ **Outcome**  
Identity actions become traceable, not tribal knowledge.

***

## Security & governance controls (non‑negotiable)

### Identity

*   Separate MCP service account
*   No reuse of admin credentials
*   Least‑privilege per operation

### Audit

*   Every MCP call logged
*   Tool name + parameters + result recorded
*   Correlates to human prompt

### Change control

*   MCP tool definitions version‑controlled
*   Changes reviewed like scripts
*   SOP changes trigger MCP review

***

## What Identity MCP deliberately does *not* do

*   Replace ADUC or Azure Portal
*   Auto‑provision users
*   Decide identity policy
*   Bypass approvals

Identity MCP is **assistive infrastructure**, not automation for automation’s sake.

***

## Rollout summary (executive‑safe)

| Phase | Capability                 | Risk                |
| ----- | -------------------------- | ------------------- |
| 1     | Read‑only identity queries | None                |
| 2     | Cross‑system correlation   | Low                 |
| 3     | SOP‑approved writes        | Medium (controlled) |
| 4     | Ticket integration         | Low                 |

***

## One‑sentence summary

> Identity MCP in your environment should start as a **read‑only mirror of existing AD knowledge**, then gradually expose **only those identity actions already defined in SOPs**, with human approval and audit at every step.

***