MCSB GS-1: Governance and Strategy
16 Senserva Microsoft 365 security checks provide evidence for Microsoft Cloud Security Benchmark control GS-1 (Governance and Strategy). Each is checked against your tenant, ranked by Severity, with validated remediation.
What MCSB GS-1 covers
The Microsoft Cloud Security Benchmark is Microsoft's own security baseline for Azure and Microsoft 365, organized into control domains. GS-1 sits in the Governance and Strategy domain. Senserva evidences it with the 16 checks below, so you can see, per tenant, whether the control is actually met rather than assumed.
Ask your own AI about this control
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
The 16 checks that evidence MCSB GS-1
Click any row for why it matters and how to fix it, with a link to the full check page.
| Senserva check | Severity | What it verifies |
|---|---|---|
| Agents Agent Identity Blueprint Inheritable Permission High Risk | High | An AI agent has inheritable permissions that include high-risk Microsoft Graph scopes. |
| Apply Least Privilege For Agent Functions | High | Apply least-privilege principle to AI agent functions to limit blast radius of misuse |
| Purview SRR Stalled Request | High | A Subject Rights Request is approaching its internal due date. |
| Adopt Safety Meta Prompts | Medium | Adopt safety meta-prompts (system prompts) to constrain AI behavior within acceptable bounds |
| Agents Agent Identity Blueprint Inheritable Permission | Medium | An AI Agent Identity Blueprint has inheritable permissions configured. |
| Agents Agent Identity Blueprint Inheritable Permission Blueprint | Medium | An AI Agent Identity Blueprint is registered in this tenant. |
| Agents Agent Identity Blueprint Inheritable Permission Identity | Medium | An AI Agent Identity (service principal) is associated with an Agent Identity Blueprint. |
| Agents Agent Identity Blueprint Inheritable Permission User | Medium | A user account is associated with an AI Agent Identity. |
| Ensure Human In The Loop | Medium | Ensure human-in-the-loop controls exist for high-risk AI decisions and actions |
| Ensure Use Of Approved Models | Medium | Verify that only approved AI models are deployed and in use across the organization |
| Establish Monitoring And Detection | Medium | Establish monitoring and anomaly detection for AI workloads and outputs |
| Implement Multi Layered Content Filtering | Medium | Implement multi-layered content filtering for AI inputs and outputs to prevent misuse |
| Purview SRR Long Running Request | Medium | A Subject Rights Request has been open for more than 90 days. |
| Purview SRR Overdue Request | Medium | A Subject Rights Request is past its due date. |
| Purview SRR Permission Check Skipped | Medium | Purview Subject Rights Request checks were skipped because the scanning credential lacks SubjectRightsRequest.Read.All or a required directory role. |
| Perform Continuous Red Team | Info | Perform continuous red-team exercises against AI deployments to identify vulnerabilities |
Also evidences
The same checks provide evidence for these frameworks, so one fix counts across your obligations:
Every MCSB control and the checks that evidence it: the control reference. The full benchmark crosswalk: MCSB for Microsoft 365.