Siemserva + Claude is all you need.

Pick a scenario. Every chat below runs against the Senserva Zava Demo, which you can easily create once you get a key and download Siemserva. Names, counts, and findings are the actual deterministic output of the demo, not your tenant.

Just a quick install gets the real Claude running on great simulated security data, for no cost. The Free version works great for this. Get the Key
Sample conversation·Senserva Zava Demo
You
Anything sensitive shared anonymously on SharePoint right now?
Claude
query_sharing · classify_content
Yes. The Marketing Assets site has 11 active anonymous share links. Three of them point at folders that include sales contracts and a partner pricing deck. The other eight are press kits, probably fine.
See three more conversations: patches and CVEs, multi-tenant view, more
You
Anything sensitive shared anonymously on SharePoint right now?
Claude
query_sharing · classify_content
Yes. The Marketing Assets site has 11 active anonymous share links. Three of them point at folders that include sales contracts and a partner pricing deck, the rest are press kits and brand templates that are probably fine.

Two patterns worth knowing:
· All 11 were created by the same user, with default expiry "Never". Anyone with the URL can read forever.
· The site also has external sharing turned on at the site level, which is why the anonymous-link option is even available. Tightening the site policy to "specific people" closes the door without removing the existing shares.
You
Expire the three contract links today and tighten the site policy. Leave the press kit links alone.
Claude
propose_remediation · human-approval
Drafted: revoke the 3 anonymous links pointing at /Contracts and /Partner-Pricing, set their permissions to specific people only. Marketing Assets site sharing default flips from "anyone with the link" to "people in your organization". Press kit links stay live. Diff ready, push when you approve.
Coming soon. CVE and patch tooling is in development. The chat below is a preview of how Claude will work against the Senserva patch and CVE catalog once it ships.
You
What CVEs are we exposed to right now? Prioritize the ones attackers are actually using.
Claude
query_cves · cisa_kev_match
Of the 23 CVEs Siemserva models on this tenant, 15 are in CISA's Known Exploited Vulnerabilities catalog, meaning attackers are using them in the wild today. Three you should care about first:

CVE 9.8 on a Windows endpoint missing KB5036893, 3 devices affected. Patch ships from Microsoft, ~10 minutes per device.
CVE 9.1 on the on-prem hybrid sync server, KB5036896 not yet applied. One server, requires a maintenance window.
CVE 8.6 on iOS 15.4.1 (jailbroken device owned by the guest user we flagged earlier). Device is non-compliant, action: block its access via Conditional Access until it is wiped or replaced.

The other 12 KEV CVEs are on devices already pending the next patch ring, normal cycle covers them this week.
You
Push KB5036893 to the 3 endpoints now. Block the jailbroken iOS device. The hybrid sync server goes in Saturday's window.
Claude
schedule_patch · block_device
Three changes drafted. (1) KB5036893 deployment ring includes 3 device IDs, runs in the next Intune sync window. (2) Compliance policy applied to the iOS device blocks all corporate app access. (3) Saturday change ticket created for the sync server with KB5036896 pre-staged. Approve to push.
You
We manage three tenants. Which one is in the worst shape?
Claude
compare_tenants · query_findings
Fresh scan numbers:

Zava Demo (1,000 users): 12 narrative findings, 3 critical. Worst issue: the Cameron Kline / Priya Raman / ReportSyncEnterpriseApp identity stack we covered.
Contoso Retail (90 users): 5 narrative findings, 1 critical. Worst issue: shared mailbox without MFA being used by an outsourced support team. Smaller surface, tighter blast radius if compromised.
Fabrikam Engineering (220 users): 8 narrative findings, 2 critical. Worst issue: 4 risky service principals with admin consent on Mail.Read, all owned by a single departed admin. Not technically the largest tenant, but the most concentrated risk.

Ranking by exposure-per-user, Fabrikam Engineering is currently the worst shape.
You
Reassign Fabrikam's 4 SP owners and remove the admin consent on Mail.Read. Show me the plan.
Claude
reassign_owner · revoke_admin_consent
Plan drafted for Fabrikam Engineering. (1) Reassign all 4 service principals from the departed admin to the IT Security group. (2) Revoke admin consent on Mail.Read for all 4 SPs, replace with delegated consent flow that requires user approval per session. (3) Surface a one-page change summary you can paste into the change ticket. Approve and I push the changes.

Conversations above run against the Zava Demo tenant in Senserva's demo database: 1,000 users, 4 Global Admins, 8 Conditional Access policies, 39 Maester tests, 12 narrative findings. Deterministic, repeatable, fictional.

Senserva MCP server

The Senserva MCP server.

Model Context Protocol is the plug. Senserva is the socket. Register once, then ask Claude anything about your Microsoft 365 and Entra ID posture.

One MCP server. Every tool Claude needs to help you manage your Microsoft 365, Entra ID, and Intune.

The Senserva MCP server ships with Siemserva. It exposes your scan data, identity graph, patch state, and remediation catalog as native Claude tools. Claude calls them on demand, reads the results, and reasons about your environment in plain English.

MCP works in Claude Desktop, in Cursor, in any MCP-aware client, and programmatically via the Claude API. We are also shipping a dedicated Senserva Claude MCP CLI, and a managed Agent is next.

# One command. Siemserva installs the Senserva MCP server into Claude Desktop. $ siemserva-win-x64 demo claude
MCP · TOOL SET 28 tools
SIEMSERVASENSERVA-MCP-SERVERv2026.04

Twenty-eight MCP tools ship with Siemserva.

Scan the tenant, query findings, traverse the identity graph, generate reports, score compliance, propose validated remediation, check patch status, and more. Every tool lands the moment you run siemserva-win-x64 demo claude.

scan_tenant query_findings traverse_graph compliance_gap propose_remediation generate_report +22 more
Get the Key
Rich demo data, every install

The Senserva Zava Demo, ready for Claude on day one.

Siemserva ships a deterministic 1,000-user demo tenant called Zava Demo. Same seed every time, same names, same numbers. Claude Desktop wires into it the moment you run the installer, so you can ask it anything before you ever connect a real Microsoft 365 and Entra ID tenant.

1,000users
300service principals
1,100devices
100applications
8CA policies
4Global Admins
39Maester tests
~179findings

Two extra demo tenants ship alongside Zava: Contoso Retail (90 users) and Fabrikam Engineering (220 users), so Claude can compare exposure across three tenants without you ever connecting to one. Named narratives baked in: a stale Privileged Role Admin (217 days inactive), a Global Admin with no MFA, a guest-owned service principal with Directory.ReadWrite.All whose credential expires in 21 days, and 11 anonymous SharePoint share links on a single Marketing Assets site.

Both relational and graph

One SQLite file. Tables for facts, nodes and edges for relationships. Claude pulls raw data either way.

Senserva's scan database is hybrid by design. The same file holds audit tables for finding-by-finding queries and a typed node + edge graph for relationship traversal. Claude reaches into both through the MCP tool surface.

Relational

Audit tables

  • Audits, CurrentAudit with severity, source tag, control mappings
  • Filter by tenant, date, framework, named persona
  • Same shape Claude has read in countless SQL conversations
Graph

Nodes and edges

  • Node_User, Node_App, Node_Patch, Node_Cve
  • Edge_DeviceMissingPatch, Edge_CvePatch, role chains, group nesting
  • Walk privilege paths, OAuth scope chains, indirect trust

Filter and aggregate in tables. Walk relationships in the graph. Same Claude conversation, no schema gymnastics, no separate query language to learn.

Get it. Install it. Use it.

First time? Run siemserva-win-x64 with no parameters and the full setup wizard opens. Pick Quick Setup for the demo + Claude MCP path in one keypress.

01

Get the runtime

Download siemserva-win-x64.exe, siemserva-osx-arm64, or siemserva-linux-x64 from the Quick Start. Single signed binary. No separate runtime, no install wizard.

02

Install the MCP

$ siemserva-win-x64 demo claude

One command wires the Senserva MCP server into Claude Desktop and points it at the Zava Demo database. No JSON config to edit by hand.

03

Talk to Claude

Open Claude Desktop, start a new chat, ask "what's in this tenant?". The 28 Senserva tools light up under Senserva MCP in the tools panel and Claude calls them on demand.

First-run permissions

The "Always allow" prompt you will see in Claude Desktop

First time Claude calls a Senserva MCP tool, Claude Desktop will ask for permission. Click to expand the explainer.

What you're seeing

Claude Desktop's MCP permission model requires explicit user approval before any tool call executes. Every time a tool from an MCP server is called, Claude checks whether you have already authorized it. If not, it pops that prompt. "Always allow" grants permanent authorization for that specific tool from that specific server, so you only see it once per tool.

Why it works this way

It is a security boundary, not a UX choice. MCP tools can read data, trigger actions, make network calls, and Claude Desktop wants a human in the loop before any of that happens the first time. The model is: trust is earned per-tool, not granted to a whole server upfront.

The short-circuit

"Always allow" is the pre-auth. Once you click it for a given tool, it writes that permission to your Claude Desktop config and never asks again for that tool. Since Siemserva ships around 28 tools, you will hit this prompt once per tool the first time each one gets called in a session. After that, smooth sailing.

The fastest way to burn through them all: run a report flow (prepare_reportget_findingsvalidatebuild_report), which chains through most of the tool set in one shot. Click "Always allow" on each prompt as it comes and you will have the full set authorized after one end-to-end run.

There is no way to bulk pre-authorize all tools at once through the UI currently. That is intentionally one-at-a-time on first use, a Claude Desktop constraint, not something on the Siemserva side.

Stop clicking through portals. Start having conversations.

Senserva Claude MCP. Claude for IT and Security Management. Backed by the Senserva MCP, CLI, and soon a managed agent.

Wire Claude to My Tenant MCP

Senserva is a Microsoft MISA Member · Patented Technology · Senserva is Endorsed by the Microsoft Entra, Sentinel, and Intune Teams

These credentials belong to Senserva. They do not imply that Microsoft endorses Anthropic or Claude.

From the blog

Reading from the Senserva team.

Latest post

Read the Senserva blog

Microsoft 365 and Entra ID security commentary, research notes, and behind-the-scenes posts from the Senserva team.
Recent

Architecture and check deep-dives

How Siemserva is built, how the graph is modeled, and how Senserva Trustworthy AI turns raw findings into validated answers.
From the team

Research, releases, and customer stories

New posts from the Senserva team. Subscribe on blog.senserva.com or follow along for the latest.
See all posts