Microsoft 365 includes powerful security capabilities - Secure Score, Defender, Entra recommendations, PIM, and Intune. Siemserva helps you get the full value from those tools by connecting data across product boundaries into a single cross-domain view.
Not a replacement - a layer on top. Siemserva automates what would take hours of manual review across multiple portals.
| Capability | Siemserva Enhancement | Microsoft Native |
|---|---|---|
| Conditional Access analysis | Replays real sign-ins through What-If to find enforcement failures. Tests 10 attack scenarios per privileged user with a coverage score. Detects OR-bypass paths and policies stuck in report-only mode. | Microsoft's What-If API is designed for individual scenario evaluation. Siemserva automates bulk testing across all privileged users using the same API, and replays real sign-in logs to validate enforcement. |
| PIM policy auditing | Audits PIM role policies for security gaps, checking activation requirements, approval workflows, and expiration settings. Reports which policies are missing or misconfigured. | PIM portal manages role assignments and activation logs. Siemserva adds a policy configuration review layer on top, including treating PIM eligible roles as still a risk area to focus on. |
| Intune policy auditing | Reads every Intune configuration and compliance policy and checks security settings against expected baselines across endpoint protection, encryption, firewall, and OS compliance. | Intune tracks device compliance against your policies. Siemserva validates that the policies themselves meet security baselines. |
| Cross-domain correlation | Finds patterns spanning identity, devices, apps, and privileged access in a single view - e.g., a Global Admin whose device is non-compliant, who uses SMS for MFA, excluded from a CA policy. | Secure Score, Defender, and Intune each excel within their domain. Siemserva connects findings across those boundaries. |
| Entity relationship graph | Models your environment as a comprehensive relationship graph. Answers: which users are in groups excluded from CA? Which service principals have directory roles via nested group membership? | Entra manages entities and their properties. Siemserva adds multi-hop relationship traversal across users, groups, roles, devices, and apps in the database so you can create your own analytics. |
| Privilege compounding | Detects when a single entity accumulates risk across multiple dimensions: permanent Global Admin + no PIM + excluded from CA + stale password + SMS MFA. Each finding alone is concerning; together they represent a critical exposure. | Secure Score tracks individual findings effectively. Siemserva layers on privilege-weighted compounding and blast radius analysis. |
| Executable remediation | Generates executable PowerShell scripts (.ps1) using Microsoft Graph SDK v2 that directly fix findings. Scripts include -WhatIf support, Connect-MgGraph scopes, error handling, sorted by severity. |
Secure Score links to documentation and portal pages. Siemserva generates ready-to-run fix scripts from those same APIs. |
| Unified reporting | 6 report types (Detailed, Compliance, Business Review, Remediation, Audit, Portfolio) with AI-enhanced analysis. Each cross-references findings across all domains, maps to MCSB and SCuBA, and includes direct portal links. | Each Microsoft tool provides focused reporting for its domain. Siemserva unifies findings across all domains into a single report. |
Four analysis engines test your Conditional Access policies from different angles, including predictive What-If testing and historical sign-in replay, to find gaps that manual policy review misses entirely.
Siemserva reads from the same Microsoft Graph APIs your existing tools use. It adds a correlation and analysis layer on top - no new agents, no duplicate data stores.
Secure Score, Defender, Intune, and Entra each see their own domain. Siemserva connects findings across all of them so a single privileged account's full risk picture is visible in one place.
Every finding includes engineer-written remediation steps, direct portal links, and AI-generated PowerShell validated against the Microsoft Graph SDK. The path from detection to remediation is inside the same tool.
Siemserva connects to Claude via the MCP protocol for conversational security analysis. Ask about your findings in plain English, traverse the identity graph, and get AI-generated remediation scripts tailored to your environment.