MCSB PA-6: Privileged Access
2 Senserva Microsoft 365 security checks provide evidence for Microsoft Cloud Security Benchmark control PA-6 (Privileged Access). Each is checked against your tenant, ranked by Severity, with validated remediation.
What MCSB PA-6 covers
The Microsoft Cloud Security Benchmark is Microsoft's own security baseline for Azure and Microsoft 365, organized into control domains. PA-6 sits in the Privileged Access domain. Senserva evidences it with the 2 checks below, so you can see, per tenant, whether the control is actually met rather than assumed.
Ask your own AI about this control
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
The 2 checks that evidence MCSB PA-6
Click any row for why it matters and how to fix it, with a link to the full check page.
| Senserva check | Severity | What it verifies |
|---|---|---|
| Intune Policy Attack Surface Reduction Block Credential Stealing From LSASS | High | ASR rule to block credential stealing from LSASS is not enabled |
| Intune Policy Attack Surface Reduction Block Process Creations From Psexec Wmi | High | ASR rule to block process creations from PSExec and WMI commands is not enabled |
Also evidences
The same checks provide evidence for these frameworks, so one fix counts across your obligations:
Every MCSB control and the checks that evidence it: the control reference. The full benchmark crosswalk: MCSB for Microsoft 365.