Drift detection: catch the change the day it happens
Every Microsoft 365 tenant drifts. Admins make daily changes, exceptions outlive their reason, and Microsoft moves defaults under you. Drift detection is the discipline of comparing the live tenant against your secure baseline continuously, so a loosened sharing setting or a quiet new role assignment is a same-day alert, not a next-audit surprise.
Siemserva by Senserva detects drift across Microsoft 365, Intune, Defender, and Entra ID, ranks what actually weakens security, and pairs every finding with a remediation path. Detection is the front end of continuous drift management; this page is about doing the detection half right.
What good drift detection looks like
- A real baseline. Detection is only as good as the definition of intended state: map it to CIS-aligned baselines, Microsoft cloud security benchmark, or CISA SCuBA, not to "whatever it was last month".
- Continuous comparison, not quarterly scans. Drift compounds: a detection cycle measured in hours keeps one bad change from becoming the new normal.
- Risk ranking. Most changes are noise. Detection that pages you for everything gets ignored; rank by what weakens a control (MFA, Conditional Access, privileged roles, sharing).
- A remediation path on every finding. Detection without a fix path just documents decay. Every Senserva drift finding carries a reviewed remediation or routes into your ticketing.
Where drift hides in Microsoft 365
The changes that matter are rarely dramatic. A Conditional Access exclusion added for one user and never removed. An Intune compliance policy edited during an incident. A SharePoint sharing default loosened to close a ticket. An Entra role assignment granted for a project that ended. Each is invisible in isolation; drift detection makes the pattern visible.
For fleet operators the problem multiplies: an MSP managing dozens of tenants needs detection that watches every tenant against a standardized baseline. That is what Senserva Drift Manager runs continuously, and what Siemserva gives a single tenant on demand with find-and-fix depth.
Frequently asked
Drift detection is the continuous comparison of your live configuration against the secure baseline you intended, so any divergence (a loosened sharing policy, a new Conditional Access exclusion, a role assignment that appeared) is flagged the day it happens instead of at the next audit.
Detection is the sensing half: find the divergence fast. Drift management is the whole loop: baseline, detect, rank what matters, and remediate. Senserva provides detection as the always-on front end of that loop.
Yes, and it is the complement IaC needs. IaC declares intended state but cannot see portal edits, support-ticket changes, or Microsoft default shifts made outside the pipeline. Drift detection catches exactly that gap.
Identity (Entra ID roles, Conditional Access, MFA settings), device configuration (Intune profiles, compliance policies, update rings), Defender settings, and sharing controls in SharePoint and Teams. Every one of those drifts independently.