Controls / MCSB / GS-1

MCSB GS-1: Governance and Strategy

16 Senserva Microsoft 365 security checks provide evidence for Microsoft Cloud Security Benchmark control GS-1 (Governance and Strategy). Each is checked against your tenant, ranked by Severity, with validated remediation.

16 checksGovernance and StrategyTop Severity: High

What MCSB GS-1 covers

The Microsoft Cloud Security Benchmark is Microsoft's own security baseline for Azure and Microsoft 365, organized into control domains. GS-1 sits in the Governance and Strategy domain. Senserva evidences it with the 16 checks below, so you can see, per tenant, whether the control is actually met rather than assumed.

Ask your own AI about this control

Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.

The 16 checks that evidence MCSB GS-1

Click any row for why it matters and how to fix it, with a link to the full check page.

Senserva checkSeverityWhat it verifies
Agents Agent Identity Blueprint Inheritable Permission High RiskHighAn AI agent has inheritable permissions that include high-risk Microsoft Graph scopes.
Apply Least Privilege For Agent FunctionsHighApply least-privilege principle to AI agent functions to limit blast radius of misuse
Purview SRR Stalled RequestHighA Subject Rights Request is approaching its internal due date.
Adopt Safety Meta PromptsMediumAdopt safety meta-prompts (system prompts) to constrain AI behavior within acceptable bounds
Agents Agent Identity Blueprint Inheritable PermissionMediumAn AI Agent Identity Blueprint has inheritable permissions configured.
Agents Agent Identity Blueprint Inheritable Permission BlueprintMediumAn AI Agent Identity Blueprint is registered in this tenant.
Agents Agent Identity Blueprint Inheritable Permission IdentityMediumAn AI Agent Identity (service principal) is associated with an Agent Identity Blueprint.
Agents Agent Identity Blueprint Inheritable Permission UserMediumA user account is associated with an AI Agent Identity.
Ensure Human In The LoopMediumEnsure human-in-the-loop controls exist for high-risk AI decisions and actions
Ensure Use Of Approved ModelsMediumVerify that only approved AI models are deployed and in use across the organization
Establish Monitoring And DetectionMediumEstablish monitoring and anomaly detection for AI workloads and outputs
Implement Multi Layered Content FilteringMediumImplement multi-layered content filtering for AI inputs and outputs to prevent misuse
Purview SRR Long Running RequestMediumA Subject Rights Request has been open for more than 90 days.
Purview SRR Overdue RequestMediumA Subject Rights Request is past its due date.
Purview SRR Permission Check SkippedMediumPurview Subject Rights Request checks were skipped because the scanning credential lacks SubjectRightsRequest.Read.All or a required directory role.
Perform Continuous Red TeamInfoPerform continuous red-team exercises against AI deployments to identify vulnerabilities

Also evidences

The same checks provide evidence for these frameworks, so one fix counts across your obligations:

Every MCSB control and the checks that evidence it: the control reference. The full benchmark crosswalk: MCSB for Microsoft 365.

Sponsored by Senserva

Siemserva by Senserva runs the checks that evidence MCSB GS-1 (Governance and Strategy) across your own tenant: which tenants pass, which fail, ranked by Severity with the evidence attached.

  • 650+ Microsoft 365, Intune, Defender, and Entra ID checks in one scan
  • Findings mapped to SCuBA, CIS, NIST, HIPAA, SOC 2, and MCSB for audit-ready evidence
  • Senserva Trustworthy AI driven configuration remediation: validated, approve-before-apply fixes
  • Multi-tenant and MSP practices, with bulk tenant audits and client-ready reporting
Siemserva by Senserva
Compliance Status Report
MCSB GS-1 (Governance and Strategy) across 2 tenants, ranked by Severity
23
FAILING
87
PASSING
41
OTHER FINDINGS
Estimated report, sample data for illustration
Get Going with Senserva Senserva compliance Built for IT admins, security teams, and auditors, with audit-ready evidence. Senserva is a Microsoft Intelligent Security Association member.
Microsoft 365 compliance and audit evidence
How a control becomes audit evidence, click to play

From finding to audit evidence, in two minutes. Watch page · All videos.

Reference: the compliance frameworks crosswalk, the check reference, and the audit guide.
Data notice: control mappings describe which Siemserva checks provide evidence for a control and are informational only, without warranty. They do not constitute compliance advice or certification; confirm requirements with your assessor. All use is subject to the Senserva EULA.