Siemserva + Anthropic Claude

Full AI and security power for $99 a month.

Deep AI integration for Microsoft 365, Entra ID, and Intune security. Built by Senserva, LLC, a Microsoft MISA member.

Coming April 16th. Leaving you time for your taxes.

Security Analysis Through Conversation

Not just "list my findings." Claude reasons about your environment, connects dots across domains, and surfaces attack paths that dashboards cannot show.

You
Are we vulnerable to the kind of attack that hit Stryker Corporation?
Claude
Yes, you have exposure. The Stryker breach exploited a compromised admin account to mass-wipe devices via Intune. In your environment: Multi-Admin Approval is not enabled for device wipe actions, 2 admin accounts use SMS-based MFA (vulnerable to SIM swap), and both have permanent Global Administrator assignments without PIM. A single compromised credential could wipe your entire managed device fleet. I also see no Conditional Access policy requiring compliant devices for admin portal access, which means these accounts can authenticate from unmanaged machines. Three things to fix immediately: enable MAA for destructive Intune actions, convert both accounts to FIDO2 MFA, and require PIM activation for Global Admin.
You
Who can reach Global Admin through group nesting? And are any of those paths through stale accounts?
Claude
I traversed the identity graph and found 4 paths to Global Administrator through nested group memberships. Two are direct assignments (expected). But two reach Global Admin through group nesting: one account reaches it via IT-Admins → Tier-1-Ops → Directory Roles (2 hops), and a service principal reaches it via DevOps-Automation → Privileged-Ops → Directory Roles. The service principal has been inactive for 127 days with an expired credential, but the group membership is still active. If someone re-provisions that credential, they inherit Global Admin. This is the kind of hidden privilege escalation path that Microsoft's admin portals do not surface because no single dashboard shows the full group nesting chain combined with credential status.
You
We have a CISA audit coming up. What SCuBA controls are we failing and which ones can we fix this week?
Claude
You are failing 7 SCuBA controls across AAD and Exchange. The fastest to close: MS.AAD.1.1v1 (legacy auth blocking) can be fixed in under an hour with one Conditional Access policy. MS.AAD.3.1v1 (phishing-resistant MFA for privileged roles) is a 2-hour project to deploy FIDO2 keys to your 4 admin accounts. MS.EXO.1.1v2 (external forwarding) is a one-line Exchange transport rule. Those three close your highest-risk gaps before the auditor arrives. The remaining 4 controls involve Intune device compliance policies and SharePoint sharing settings that need broader coordination. Want me to generate a Compliance report with the full control-by-control status, or start with the PowerShell to fix the first three?
You
Generate the compliance report, but focus on the AAD and Exchange controls. The Intune stuff is a different team.
Claude
Preparing the report now. I have gathered 323 findings, filtered to AAD and Exchange domains. Here is my draft analysis: Executive Summary: Your Entra ID and Exchange configuration has 3 critical and 4 high gaps against CISA SCuBA controls. The most urgent is legacy authentication, which is currently allowed for all users... [Claude shows the full analysis] Does this look right? Want me to add more detail on the Exchange transport rules, or adjust the risk scoring? Once you approve, I will build the branded HTML report with compliance heatmaps, the SCuBA scorecard, and the remediation roadmap.
You
Add a section on what we're doing well. The auditor likes to see positive observations too.
Claude
Good call. Adding positive observations: Security Defaults were replaced with targeted CA policies (MS.AAD.2.1v1 pass), DKIM and DMARC are properly configured for all domains (MS.EXO.4.1v1 pass), and PIM is enabled for 3 of 5 privileged roles. Building the report now with your changes... Report saved to Reports/Senserva_Compliance_2026-04-09.html

SENSERVA TRUSTWORTHY AI

AI You Can Trust with Your Security Data

Raw AI output is ~70% accurate. Senserva validation brings it to 95%+.

Real Data Reconstituted

  • Tenant names, emails, GUIDs, device names replaced with placeholders
  • Security rules injected: MCSB, SCuBA, Graph SDK v2
  • Real values restored locally after response returns
Scan Data → Anonymization → Prompt + Rules → AI → Reconstituted

Validated Output

  • Every response runs through Senserva's rules engine
  • Dangerous recommendations blocked, not just flagged
  • URLs verified: Microsoft Learn, CISA, NIST only
  • Finding names cross-checked against real scan data
AI Response → Rules Engine → Blocked / Passed

Human in the Loop

  • Every recommendation reviewed before becoming a report
  • Results stream live via MCP or CLI
  • You decide what happens next: iterate or approve
  • Output you can hand to an auditor, board, or customer
Graded & Clean
AI Analysis → Validation → You Review → Report (↺ iterate via API, MCP, or CLI)

Siemserva + Zero Trust Assessment + Maester

Three data sources. One AI report. We do the work.

  • Siemserva: 600+ checks, identity graph, CA deep analysis
  • Zero Trust Assessment: Microsoft's baseline maturity scoring
  • Maester: Community-driven M365 security tests
  • Patch Reviews (Soon): Extensive AI-driven patch gap analysis

Siemserva includes built-in connectors for both Microsoft Zero Trust Assessment and Maester. Pipe their output through Siemserva and all three data sources merge into a single unified view. Claude analyzes findings from all three together, cross-references them, and generates one comprehensive report with AI analysis, compliance mapping, and remediation scripts that covers your entire security posture from three independent perspectives.

Three independent security assessments. One AI-enhanced dashboard. One unified report. This is what comprehensive M365 security looks like.

Three Ways to Use Claude with Siemserva

Pick what fits your workflow. All paths share the same local scan database.

Claude Code CLI

For developers and engineers
siemserva --claude cli-install

Query findings, generate compliance reports, and write remediation scripts directly from the terminal. Integrate Siemserva data into your existing security automation pipelines.

Claude Desktop

For security managers
siemserva --claude mcp-install

Interactive conversations about your security posture in plain English. Ask questions, drill into findings, and produce board-ready reports. No technical expertise required.

Claude Managed Agents (Coming Soon)

Future capability
Enable in Claude settings

Siemserva as a managed agent in Claude's marketplace. No local install required. Enable in your Claude settings and start analyzing your Microsoft 365 and Entra ID security posture instantly.

Built on Senserva.AI

A purpose-built AI layer for Microsoft 365 and Entra ID security. Not a generic chatbot wrapper. Siemserva is also a standalone 600+ check security scanner with a live dashboard, SCuBA and MCSB compliance mapping, and self-contained HTML reports. The AI sits on top of that foundation.

Agentic Remediation: Fix Every Problem

Claude doesn't just identify problems. It fixes them. For every finding Siemserva surfaces, Claude Managed Agents can generate and execute targeted remediation using Graph PowerShell SDK v2. Scripts cite the exact MCSB or SCuBA control, are validated before execution, and require human approval. No copy-pasting guidance. No guessing. One command, one fix.

28 MCP Tools

Scan queries, knowledge lookups, threat intelligence, report generation, and remediation actions. Claude has precise, scoped access to your scan data.

Anonymization

Tenant names, emails, GUIDs, and device names are stripped before the prompt is sent. Real values are restored locally after the response returns. AI never sees your raw data.

AI Guardrails

Security rules are injected into every prompt: cite MCSB and SCuBA codes, reference only Microsoft Learn and CISA, use Graph PowerShell SDK v2. The AI follows Senserva's rules, not its own instincts.

Output Validation

Dangerous recommendations are blocked before delivery. Not just flagged. URLs verified. Finding names cross-checked against real scan data. Enforced by code, not the AI's judgment.
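
The Anonymization and Output Validation steps described above can be sketched as a placeholder round trip plus a source-URL allowlist check. This is an added example, not Senserva's code: the placeholder format, the function names, the allowlisted hostnames, and the sample finding and reply are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Identifier kinds with a fixed shape; tenant and device names would instead
# come from a lookup list built from the scan (not modelled here).
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "GUID": re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b"),
}
TOKEN_RE = re.compile(r"<(?:EMAIL|GUID)_\d+>")
URL_RE = re.compile(r"https?://[^\s)>\]\"']+")
# Assumed hostnames for "Microsoft Learn, CISA, NIST only".
ALLOWED_HOSTS = {"learn.microsoft.com", "www.cisa.gov", "www.nist.gov", "csrc.nist.gov"}

def anonymize(text):
    """Swap identifiers for stable placeholders; the map never leaves the host."""
    to_real, to_token = {}, {}
    def swap(match, kind):
        real = match.group(0)
        if real not in to_token:
            to_token[real] = f"<{kind}_{len(to_token) + 1}>"
            to_real[to_token[real]] = real
        return to_token[real]
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: swap(m, k), text)
    return text, to_real

def reconstitute(text, to_real):
    """Restore real values; a placeholder the model made up is left visible."""
    return TOKEN_RE.sub(lambda m: to_real.get(m.group(0), m.group(0)), text)

def disallowed_urls(text):
    """Return cited URLs that are not https on an exactly matching allowed host."""
    bad = []
    for url in (u.rstrip(".,;") for u in URL_RE.findall(text)):
        parts = urlsplit(url)
        if parts.scheme != "https" or (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            bad.append(url)
    return bad

# Constructed sample finding and constructed model reply.
FINDING = ("alice@contoso.example (3f2504e0-4f89-41d3-9a0c-0305e82c3301) uses SMS MFA; "
           "alice@contoso.example holds Global Administrator.")
REPLY = ("Move <EMAIL_1> to FIDO2, see https://learn.microsoft.com/entra/ and "
         "https://learn.microsoft.com.evil.example/fix. Also review <EMAIL_9>.")

if __name__ == "__main__":
    prompt, mapping = anonymize(FINDING)
    print(prompt)
    print(reconstitute(REPLY, mapping))
    print("blocked:", disallowed_urls(REPLY))
```

The host comparison is exact rather than a substring or prefix match, which is what rejects the look-alike host in the sample reply.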

Paginated Data

Handles tenants of any size. Large finding sets, identity graphs, and compliance datasets are paginated so Claude always receives complete, accurate context.

Agentic Reports

Two-step PrepareReport + BuildReport flow keeps a human in the loop. Claude prepares the analysis first, you review, then the final report is built.

Iterate with AI

Ask follow-up questions, drill into specific findings, refine a remediation script, or re-run a report with different scope. All in the same session. Claude keeps full context of your scan so every exchange builds on the last.

Security and Privacy

Your scan data stays on your machine. Senserva.AI is designed with privacy as a first-class constraint, not an afterthought.

Read-Only Database

Claude can never write to or modify your scan data.

Local Only

No cloud upload. Your data never leaves your machine.

PII Protected

Identifiable data is stripped before AI processing.

Human in the Loop

Reports require human review before final generation.

Get Started Today

Download Siemserva, run your first scan, and connect Claude to your security data in minutes.

Siemserva is a product of Senserva, LLC, www.senserva.com