MCSB PA-3: Privileged Access
1 Senserva Microsoft 365 security check provide evidence for Microsoft Cloud Security Benchmark control PA-3 (Privileged Access). Each is checked against your tenant, ranked by Severity, with validated remediation.
What MCSB PA-3 covers
The Microsoft Cloud Security Benchmark is Microsoft's own security baseline for Azure and Microsoft 365, organized into control domains. PA-3 sits in the Privileged Access domain. Senserva evidences it with the 1 check below, so you can see, per tenant, whether the control is actually met rather than assumed.
Ask your own AI about this control
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
The 1 checks that evidence MCSB PA-3
Click any row for why it matters and how to fix it, with a link to the full check page.
| Senserva check | Severity | What it verifies |
|---|---|---|
| Intune Policy Compliance Allowed Wsl Distributions | Low | Allowed WSL (Windows Subsystem for Linux) distributions are restricted by compliance policy |
Also evidences
The same checks provide evidence for these frameworks, so one fix counts across your obligations:
Every MCSB control and the checks that evidence it: the control reference. The full benchmark crosswalk: MCSB for Microsoft 365.