LIVE · INCIDENT RESOLUTION & INVESTIGATION SYSTEM

Claude reads the IT stack.

Iris is a read-only MCP server unifying seven systems — Entra, Intune, Defender, Exchange/Purview, NinjaOne, SentinelOne, and UniFi — into one data layer for IT ticket triage. It powers the @iris Slack bot and works directly inside Claude. Permission-isolated, allow-list gated, read-only by design.

7 platforms read-only by design GitHub ↗
The pattern

Read-only, permission-isolated, mounted under one prefix.

Iris runs as a separate Railway service behind the Brightpath proxy. The proxy forwards /iris/* to Iris and strips the prefix — it does no auth itself. Iris owns its own Azure app registration, its own allow-list, and its own bearer tokens. That isolation is the point: scope on Iris doesn't widen anything on the main MCP, and a permissions slip-up on one side stays on that side.

01
Mounted at /iris
The Brightpath proxy forwards /iris/* with the prefix stripped. No auth at the proxy — Iris is the gatekeeper.
02
Microsoft 365 SSO
Sign in with Entra (OIDC), dynamic client registration, self-issued 30-day bearer tokens persisted across restarts.
03
Allow-list gated
IRIS_ALLOWED_EMAILS — fail closed. An empty list denies everyone, including the org's own admins.
04
Read-only by design
No writes, no remediation, no reset-password tool. Iris reports; humans act. The principle stays as connectors land.
WHAT IRIS ANSWERS · GROUPED BY DOMAIN
01 · Identity & devices
👤
Internal · Microsoft Graph
Who they are, what they're on

Entra and Intune cover the identity questions in every ticket: who is this user, what device are they using, is it compliant and enrolled, when did they last sign in. The data layer is Microsoft Graph, app-only, read-only.

Platforms Entra ID · Intune
Source Microsoft Graph (app-only)
Auth Client credentials · Entra tenant
Reads Users · devices · sign-in logs · compliance
02 · Threat & endpoint
🛡️
Internal · Graph + S1
What's flagged on them, and where

Defender and SentinelOne surface the security signals: open alerts, vulnerable software, agent health, recent threats. Two systems, one normalized view — useful when a ticket might be a user issue, a malware event, or both.

Platforms Defender · SentinelOne (mgmt + Data Lake)
Source MS Graph Security · S1 API
Auth App-only · API token (Viewer scope)
Reads Alerts · incidents · vulnerabilities · agents
03 · Mail & compliance
✉️
Internal · Microsoft Graph
What landed in the inbox

Exchange message trace answers "did this email actually arrive," and Purview surfaces compliance signals. Message trace is Graph beta/preview and needs separate onboarding — Iris probes it and routes around it until it's enabled on the tenant.

Platforms Exchange · Purview
Source Microsoft Graph (beta)
Auth App-only (shared Entra app)
Status Probe-aware; beta onboarding pending
04 · Operations & network
🛰️
Internal · Ninja + UniFi
Is the box up, is the network healthy

NinjaOne tells you whether the user's machine is actually online and what software's on it. UniFi shows the network it's sitting on — site/WAN-level today via the cloud API; per-client firewall data lands when local controller access is in place.

Platforms NinjaOne · UniFi
Source NinjaOne API · UniFi Site Manager
Auth Client credentials · API key
Coverage Site / WAN cloud (per-client TBD)
Runtime
Node.js MCP server Railway
Auth
Microsoft 365 SSO OIDC 30-day bearer Allow-list
Data sources
Microsoft Graph NinjaOne API SentinelOne UniFi Site Manager
Surfaces
@iris Slack bot Direct in Claude

Iris is an internal system at YourPolicy — not a public product. A read-only MCP server unifying seven IT platforms, deployed on Railway behind Microsoft 365 SSO and an allow-list.