Controls / MCSB / AM-2

MCSB AM-2: Asset Management

14 Senserva Microsoft 365 security checks provide evidence for Microsoft Cloud Security Benchmark control AM-2 (Asset Management). Each is checked against your tenant, ranked by Severity, with validated remediation.

14 checksAsset ManagementTop Severity: High

What MCSB AM-2 covers

The Microsoft Cloud Security Benchmark is Microsoft's own security baseline for Azure and Microsoft 365, organized into control domains. AM-2 sits in the Asset Management domain. Senserva evidences it with the 14 checks below, so you can see, per tenant, whether the control is actually met rather than assumed.

Ask your own AI about this control

Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.

The 14 checks that evidence MCSB AM-2

Click any row for why it matters and how to fix it, with a link to the full check page.

Senserva checkSeverityWhat it verifies
License Missing Licenses Required For Highly Privileged AccountHighHighly privileged account (e.g., Global Admin) is missing licenses required by the security baseline. These accounts need maximum protection features enabled
Missing User Optional License MatchHighUser is missing optional (recommended) licenses defined in the security baseline
Sub Past DueHighAzure subscription is in "Past Due" state. Payment issues may disrupt service
Sub Spending Limit OffHighAzure subscription spending limit is off. No cost cap in place
Sub WarnedHighAzure subscription is in "Warned" state
License Missing Licenses Required For Privileged AccountMediumPrivileged account is missing licenses required by the security baseline (e.g., Entra ID P1/P2 for Conditional Access and PIM)
License Organization Subscribed To Required SKU MissingMediumA required license SKU or service plan defined in the security baseline is not present in the tenant
License SKU SuspendedMediumSKU subscription is suspended. Security features provided by this license are inactive for all assigned users
Sub DeletedMediumAzure subscription is deleted. Resources permanently removed
Sub DisabledMediumAzure subscription is disabled. Resources are inaccessible
Sub Spending Limit Current Period OffMediumAzure subscription spending limit is off for the current billing period
License Organization Subscribed To Optional SKU MissingLowAn optional (recommended) license SKU or service plan is not present in the tenant
Group EmptyInfoGroup has zero members across users, nested groups, and service principals
License Tracked Licenses FoundInfoTracked license SKUs found in the tenant. Reports which monitored licenses are present

Also evidences

The same checks provide evidence for these frameworks, so one fix counts across your obligations:

Every MCSB control and the checks that evidence it: the control reference. The full benchmark crosswalk: MCSB for Microsoft 365.

Sponsored by Senserva

Siemserva by Senserva runs the checks that evidence MCSB AM-2 (Asset Management) across your own tenant: which tenants pass, which fail, ranked by Severity with the evidence attached.

  • 650+ Microsoft 365, Intune, Defender, and Entra ID checks in one scan
  • Findings mapped to SCuBA, CIS, NIST, HIPAA, SOC 2, and MCSB for audit-ready evidence
  • Senserva Trustworthy AI driven configuration remediation: validated, approve-before-apply fixes
  • Multi-tenant and MSP practices, with bulk tenant audits and client-ready reporting
Siemserva by Senserva
Compliance Status Report
MCSB AM-2 (Asset Management) across 2 tenants, ranked by Severity
23
FAILING
87
PASSING
41
OTHER FINDINGS
Estimated report, sample data for illustration
Get Going with Senserva Senserva compliance Built for IT admins, security teams, and auditors, with audit-ready evidence. Senserva is a Microsoft Intelligent Security Association member.
Microsoft 365 compliance and audit evidence
How a control becomes audit evidence, click to play

From finding to audit evidence, in two minutes. Watch page · All videos.

Reference: the compliance frameworks crosswalk, the check reference, and the audit guide.
Data notice: control mappings describe which Siemserva checks provide evidence for a control and are informational only, without warranty. They do not constitute compliance advice or certification; confirm requirements with your assessor. All use is subject to the Senserva EULA.