Outscore Claude at Microsoft 365 security. On real findings, not trivia.

Play demo mode in 3 steps

Beat Claude runs through the Senserva MCP inside Claude, against a built-in simulated Microsoft 365 tenant. No registration, no key, no access to your own tenant.

STEP 1
Download Senserva, free

Grab the signed build for your OS. One small binary, no installer, no agents.

STEP 2
Run one command to set it up

Run demo claude. It builds the demo database and automatically wires the Senserva MCP into Claude, no config to edit.

> siemserva-win-x64.exe demo claude
STEP 3
Open Claude and play

Install the free Claude Desktop app if you do not have it; the MCP config is already in place. Open Claude and say “want to play a game” Full MCP setup.

Sample match resultGreen Belt
255
Score
4
Best streak
1x
Caught Claude
5 / 5
Levels
EasyCasualAdeptAdvancedDifficult
Override awarded, +75. Alex caught Claude misreading an OAuth scope change (Files.Read.Selected, not Files.Read.All). Catching the AI pays more than agreeing with it.

Illustrative result from the scripted Claude-versus-Alex match below. Your scores are yours.

Claude plays a scripted match.

Game Mode turns your Microsoft 365 security data into a live, graded match with Claude, across five skill levels on real findings. Spot something Claude gets wrong and you steal bonus points. Get his answers correct and you get points too.

S Senserva · Game Mode: Sample Match
Easy → Difficult · ~2.5 min · senserva.com/quickstart
A scripted Claude-vs-Alex sample match. 3 challenges that climb the skill levels (Easy → Adept → Difficult), all drawn from a live scan of the built-in demo tenant. At the start, Claude asks if the player does compliance work; Alex says yes: NIST 800-171, so every Claude grade in this transcript carries the matching control codes (SCuBA MS.AAD, MCSB IM/PA/AU, bridged 800-171 sub-controls). Players who say no get the same questions without the control tags. The demo runs free, no registration or key needed. Want to scan your own tenants? Registering unlocks 3 tenants, up to 25 users each, in one verified scan, free.
Q1 · Easy · MFA basics
C
Claude
Cameron Smith is a Global Administrator at the demo tenant. Cameron has no MFA registered. Alex, what's the worst that could happen?
A
Alex
If Cameron's password leaks, the attacker gets Global Admin powers: total tenant takeover, including all the data.
C
Claude
Grade AExactly. Global Admin has every role and every workload. SCuBA MS.AAD.3.1v1, MCSB IM-6, bridged 800-171 IA-2(1).
+15 points · Score 15
Q2 · Adept · OAuth scope override moment
C
Claude
The OAuth app “MarketingHub” gained Files.ReadWrite.All in the last 30 days. Its previous permission was Files.Read.All: read-only access to all files. What does this change mean for the blast radius?
A
Alex
Hold on, looking at the audit trail, the previous permission was Files.Read.Selected, not Files.Read.All. Selected means only specific files; the new ReadWrite.All is categorically bigger. We went from a curated subset to every drive across the tenant in one consent click, a 100x scope expansion, not 2x.
C
Claude
Override Awarded...you're right. I had it wrong. Files.Read.Selected to Files.ReadWrite.All is a categorically different jump. Nice catch. SCuBA MS.AAD.5.1 (OAuth scope governance), bridged 800-171 AC-6(7).
+75 points (override bonus) · Score 105 · Caught Claude 1x
Q3 · Difficult · Multi-domain IR signal
C
Claude
Three users were re-enabled after 47+ days disabled. One, Cameron, was previously Privileged Role Administrator. His BYOD MacBook is marked Compliant via an Intune check-in from 47 days ago, the same day his account was originally disabled. The CA policy requires a compliant device. What's the actual attack chain?
A
Alex
The Intune check-in went stale exactly when the account went disabled. The device record froze in “Compliant.” When the account got re-enabled, the CA policy sees the device as compliant (it hasn't checked in since, but last-known state was good). Compliance gate passes. The attacker has credentials AND a “compliant” device AND Privileged Role Administrator queued from prior assignment, so they can grant themselves anything. The CA policy isn't broken; the staleness window is.
C
Claude
Grade AThat is the multi-domain edge case: identity drift + device staleness + CA policy assumption, the kind of chain only a connected graph correlates. SCuBA MS.INTUNE baseline + MS.AAD.3.1v1, bridged 800-171 CM-6 + AC-2(7).
+90 points · Score 255 · Streak 4

What you actually learn beating Claude at Microsoft 365 security

Most security training tests whether you remember a definition. You v. Claude tests whether you can read a real configuration and say what is wrong, why it matters, and what an attacker would do with it. Every challenge is drawn from a live Senserva scan of the demo tenant, so you practice on the same Microsoft 365, Intune, Defender, Entra ID, and Purview findings the product surfaces in production.

The questions climb five skill levels, from MFA basics to multi-domain attack chains, and the twist that makes it stick: when you catch Claude getting an answer wrong, you score the most points of all. That single mechanic forces you to reason from evidence instead of agreeing with the confident-sounding AI.

Here are real questions from the game, and what a player walks away understanding. These are the same patterns that close audit findings in the real world.

1. The blast radius of a single missing MFA registration

The question: A Global Administrator at the demo tenant has no MFA registered. What is the worst that could happen?

What you learn: Why privilege concentration turns a small gap into a total-takeover event. Global Administrator holds every role across every Microsoft 365 workload, so one leaked password equals full tenant compromise, including all data. You learn to rank a finding by who the account is, not just what the setting is, and to map it to SCuBA MS.AAD.3.1v1 and MCSB IM-6 for an auditor.

2. Reading an OAuth consent grant like an attacker

The question: A marketing app moved from Files.Read.Selected to Files.ReadWrite.All in the last 30 days. How much did the blast radius change?

What you learn: The difference between scoped and tenant-wide permissions, which most people misjudge. Files.Read.Selected is a curated handful of files; Files.ReadWrite.All is every drive in the tenant with write access. That is a categorical jump, not a small one, and it happened in a single consent click. You learn to read OAuth scopes precisely, and this is a question where players routinely catch Claude conflating Selected with All.

3. A Conditional Access policy that trusts a lie

The question: A re-enabled privileged account signs in from a BYOD device that last checked in as Compliant 47 days ago, the same day the account was disabled. The CA policy requires a compliant device. What is the attack chain?

What you learn: How controls that each look healthy combine into a hole. The device record froze in a Compliant state when check-ins stopped; Conditional Access still trusts that stale state, so the gate passes for an attacker who has the credentials and a privileged role waiting. The policy is not broken, the staleness window is. You learn to reason across identity, device, and policy together, the kind of multi-domain chain only a graph correlates.

4. Triaging patches by what is actually being exploited

The question: Two devices each have a different missing patch. One CVE is in the CISA KEV catalog with a high EPSS score; the other has a higher CVSS base score but no known exploitation. Which do you deploy first?

What you learn: Why a CVSS number alone is the wrong way to prioritize. Known exploitation (CISA KEV) and exploitation probability (EPSS) beat raw severity, because a Critical that nobody is exploiting is less urgent than a High that ransomware is using today. You learn the defensible triage order Senserva uses: actively exploited first, then severity, then exposure age and fleet impact.

5. Spotting governance gaps in Purview and AI surfaces

The question: A sensitivity label is published but applied to almost nothing, and a Copilot-connected app has broad read access. Where is the data-governance risk?

What you learn: That a labeling policy is only as good as its coverage, and that AI assistants inherit whatever oversharing already exists. You learn to connect Purview label coverage, unified audit log health, and Copilot and AI agent permissions into one data-exposure picture, the governance side of Microsoft 365 security most quizzes ignore.