Compliance / By country / BSI IT-Grundschutz

BSI IT-Grundschutz and Microsoft 365

Germany's BSI security methodology; the ORP.4, OPS.1.1.5, and DER.1 building blocks map to Entra and M365. Siemserva by Senserva maps 210+ Microsoft 365 and Entra ID checks to the areas BSI IT-Grundschutz emphasizes, so a scan of your tenant doubles as evidence.

GermanyPublic and private sector210+ mapped checks

What BSI IT-Grundschutz is

IT-Grundschutz is the German Federal Office for Information Security (BSI) methodology and modular compendium of security building blocks (Bausteine). The identity and access module (ORP.4), the logging module (OPS.1.1.5), and the detection module (DER.1) align closely with Microsoft 365 and Entra ID identity, logging, and threat-detection findings.

How Siemserva maps to BSI IT-Grundschutz

BSI IT-Grundschutz asks for strong identity, access control, and monitoring. Siemserva evidences those areas with the checks below, each ranked by Severity and checked against your own tenant:

See every check with its Severity and remediation in the checks catalog, or the per-control detail in the control reference.

Evidence BSI IT-Grundschutz in your own Microsoft 365

Siemserva by Senserva runs the identity, access, privileged-access, and logging checks above, and 650+ others, against your own tenant: it shows where you meet or miss each requirement, ranks the gaps by Severity, and produces audit-ready evidence and validated fixes to close them.

Scan your tenant freeSee the productFrameworks crosswalk

BSI IT-Grundschutz and Microsoft 365: common questions

Does BSI IT-Grundschutz apply to Microsoft 365?

BSI IT-Grundschutz does not name Microsoft 365 specifically, but its identity, access-control, and logging requirements are met (or missed) in your Microsoft 365 and Entra ID configuration. That is where Siemserva checks provide the evidence.

How does Siemserva map to BSI IT-Grundschutz?

Siemserva runs 210+ Microsoft 365 and Entra ID checks across the areas BSI IT-Grundschutz emphasizes, multi-factor authentication, Conditional Access, privileged access, and logging, ranks the gaps by Severity, and produces audit-ready evidence. It is evidence, not an official mapping or certification.

Is this an official BSI IT-Grundschutz certification?

No. Senserva is not an assessor and issues no certifications. It provides the configuration evidence, Severity ranking, and remediation that make an assessment defensible. Confirm requirements with your assessor or regulator.

More: the frameworks crosswalk, Microsoft 365 compliance by country, and the audit evidence guide.

Sponsored by Senserva

Siemserva by Senserva scans Microsoft 365, Intune, Defender, and Entra ID and maps every finding to the frameworks you answer to, so a single scan doubles as evidence for BSI IT-Grundschutz and dozens more.

  • 650+ checks across identity, devices, apps, and data, ranked by Severity with the evidence attached
  • Crosswalked to CISA SCuBA, MCSB, NIST, ISO 27001, SOC 2, HIPAA, CMMC, and more
  • Validated approve-before-apply fixes; bulk multi-tenant audits for MSPs and MSSPs
Get Going with Senserva Compliance and evidence Senserva is a Microsoft Intelligent Security Association member.
Data notice: this page is informational and describes how Siemserva checks provide evidence relevant to the framework. It is not legal or compliance advice, not an official mapping, and not a certification. Confirm requirements with your assessor or regulator. All use is subject to the Senserva EULA.