Compliance / Controls

Microsoft 365 compliance controls, mapped to the checks that evidence them

This is a control-by-control reference for Microsoft 365 compliance. A compliance control is a single requirement a framework asks you to meet, for example "restrict privileged access" or "block legacy authentication." This page lists 87 controls, 35 from the Microsoft Cloud Security Benchmark (MCSB) and 52 from the CISA SCuBA baselines, and maps each one to the exact Senserva security checks that prove it is met in your tenant.

Auditors ask "show me the evidence for this control." Frameworks describe controls in the abstract; they do not tell you which Microsoft 365 settings satisfy them. This reference answers it the other way around: pick a control and see the specific checks that evidence it, each with its Severity and remediation. Search or filter the table below, click any control to open it, or jump to a control page for the full list of checks, the plain-language explanation, an AI prompt, and the authoritative source. It is the granular, per-control companion to the frameworks crosswalk (which sizes each framework as a whole) and the checks catalog (which lists all 672 checks).

MCSB and SCuBA are covered today because every Senserva check already carries its exact MCSB control code and SCuBA policy ID. NIST 800-53 and CMMC control pages are next. Senserva is not an auditor and issues no certifications; it provides the configuration evidence, Severity ranking, and remediation that make an audit defensible.

Click any control for its area, example checks, and links.

ControlFrameworkAreaChecks
AM-1MCSBAsset Management32
AM-2MCSBAsset Management14
DP-1MCSBData Protection29
DP-2MCSBData Protection16
DP-3MCSBData Protection2
DP-4MCSBData Protection37
DP-6MCSBData Protection6
ES-1MCSBEndpoint Security170
ES-2MCSBEndpoint Security50
ES-3MCSBEndpoint Security61
ES-4MCSBEndpoint Security25
ES-5MCSBEndpoint Security5
ES-8MCSBEndpoint Security9
GS-1MCSBGovernance and Strategy16
IM-1MCSBIdentity Management46
IM-3MCSBIdentity Management55
IM-4MCSBIdentity Management5
IM-6MCSBIdentity Management170
IM-7MCSBIdentity Management42
IM-8MCSBIdentity Management1
IM-9MCSBIdentity Management1
IR-1MCSBIncident Response12
IR-4MCSBIncident Response3
LT-1MCSBLogging and Threat Detection69
LT-3MCSBLogging and Threat Detection116
LT-4MCSBLogging and Threat Detection7
NS-1MCSBNetwork Security25
PA-1MCSBPrivileged Access73
PA-2MCSBPrivileged Access10
PA-3MCSBPrivileged Access1
PA-4MCSBPrivileged Access11
PA-6MCSBPrivileged Access2
PA-7MCSBPrivileged Access48
PV-6MCSBPosture and Vulnerability Management52
PV-7MCSBPosture and Vulnerability Management3
MS.AAD.1.1v1SCuBAMicrosoft Entra ID60
MS.AAD.2.1v1SCuBAMicrosoft Entra ID60
MS.AAD.2.2v1SCuBAMicrosoft Entra ID60
MS.AAD.2.3v1SCuBAMicrosoft Entra ID60
MS.AAD.3.1v1SCuBAMicrosoft Entra ID60
MS.AAD.3.2v1SCuBAMicrosoft Entra ID60
MS.AAD.3.3v2SCuBAMicrosoft Entra ID19
MS.AAD.3.4v1SCuBAMicrosoft Entra ID19
MS.AAD.3.5v1SCuBAMicrosoft Entra ID19
MS.AAD.4.1v1SCuBAMicrosoft Entra ID42
MS.AAD.5.1v1SCuBAMicrosoft Entra ID60
MS.AAD.5.2v1SCuBAMicrosoft Entra ID60
MS.AAD.5.3v1SCuBAMicrosoft Entra ID60
MS.AAD.6.1v1SCuBAMicrosoft Entra ID41
MS.AAD.7.1v1SCuBAMicrosoft Entra ID47
MS.AAD.7.2v1SCuBAMicrosoft Entra ID48
MS.AAD.7.3v1SCuBAMicrosoft Entra ID47
MS.AAD.7.4v1SCuBAMicrosoft Entra ID48
MS.AAD.7.5v1SCuBAMicrosoft Entra ID47
MS.AAD.7.6v1SCuBAMicrosoft Entra ID47
MS.AAD.7.7v1SCuBAMicrosoft Entra ID47
MS.AAD.7.8v1SCuBAMicrosoft Entra ID47
MS.AAD.7.9v1SCuBAMicrosoft Entra ID47
MS.DEFENDER.1.1v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.1.2v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.1.3v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.1.4v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.1.5v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.2.1v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.2.2v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.2.3v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.3.1v1SCuBAMicrosoft Defender for Office 3654
MS.DEFENDER.4.1v2SCuBAMicrosoft Defender for Office 3654
MS.SHAREPOINT.1.1v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.1.2v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.1.3v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.2.1v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.2.2v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.3.1v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.3.2v1SCuBASharePoint and OneDrive9
MS.SHAREPOINT.3.3v1SCuBASharePoint and OneDrive9
MS.TEAMS.1.1v1SCuBAMicrosoft Teams1
MS.TEAMS.1.2v2SCuBAMicrosoft Teams1
MS.TEAMS.1.3v1SCuBAMicrosoft Teams1
MS.TEAMS.1.4v1SCuBAMicrosoft Teams1
MS.TEAMS.1.5v1SCuBAMicrosoft Teams1
MS.TEAMS.1.6v1SCuBAMicrosoft Teams1
MS.TEAMS.1.7v2SCuBAMicrosoft Teams1
MS.TEAMS.2.1v2SCuBAMicrosoft Teams1
MS.TEAMS.2.2v2SCuBAMicrosoft Teams1
MS.TEAMS.2.3v2SCuBAMicrosoft Teams1
MS.TEAMS.4.1v1SCuBAMicrosoft Teams1

Looking for a framework overview instead? The compliance frameworks crosswalk sizes every framework next to the checks that evidence it.

Sponsored by Senserva

Siemserva by Senserva runs the checks that evidence Microsoft 365 compliance controls across your own tenant: which tenants pass, which fail, ranked by Severity with the evidence attached.

  • 650+ Microsoft 365, Intune, Defender, and Entra ID checks in one scan
  • Findings mapped to SCuBA, CIS, NIST, HIPAA, SOC 2, and MCSB for audit-ready evidence
  • Senserva Trustworthy AI driven configuration remediation: validated, approve-before-apply fixes
  • Multi-tenant and MSP practices, with bulk tenant audits and client-ready reporting
Siemserva by Senserva
Compliance Status Report
Microsoft 365 compliance controls across 2 tenants, ranked by Severity
23
FAILING
87
PASSING
41
OTHER FINDINGS
Estimated report, sample data for illustration
Get Going with Senserva Senserva compliance Built for IT admins, security teams, and auditors, with audit-ready evidence. Senserva is a Microsoft Intelligent Security Association member.
Microsoft 365 compliance and audit evidence
How a control becomes audit evidence, click to play

From finding to audit evidence, in two minutes. Watch page · All videos.

Reference: the compliance frameworks crosswalk, the check reference, and the audit guide.
Data notice: control mappings describe which Siemserva checks provide evidence for a control and are informational only, without warranty. They do not constitute compliance advice or certification; confirm requirements with your assessor. All use is subject to the Senserva EULA.