Microsoft 365, Intune, Defender, and Entra ID log analysis

Misconfigurations are half the story. Your logs are the other half. Most posture tools stop at settings. Senserva reads your logs too, so you see not just the door left unlocked, but who walked through it. Sign-in logs, the unified audit log, directory and provisioning logs, and security alerts, analyzed and correlated with 650+ configuration checks, ranked, and tied to a fix.

Part of the full product. See Senserva, or how it pairs with CVE and patch coverage.

Sign-in and risky sign-in analysis
Replays the last 14 days of sign-in activity, the Entra ID default retention window, to catch risky and out-of-policy access, legacy authentication in the wild, and accounts signing in outside any Conditional Access policy.
Unified audit log health
Confirms auditing is actually on and capturing the events your investigations and your auditors depend on, instead of failing silently.
Directory and provisioning logs
Surfaces risky changes to roles, applications, and identities, and provisioning activity that has drifted away from policy.
Security alerts, triaged
Pulls in security alerts and ranks them alongside every other finding, in one prioritized view, each tied to evidence and a remediation step.
Logs, read end to end
Sign-in, unified audit, directory, and provisioning logs are read together and correlated, so risky activity is caught across all of them at once, not one console at a time.
One ranked view with your config
Log findings sit in the same dashboard and reports as your configuration and CVE findings, ranked by Severity, each with its evidence and a validated fix.

Where logs and Conditional Access meet

Sign-in logs are how you prove what your Conditional Access policies actually do. Senserva replays the last 14 days of real sign-ins against your full policy set, so policy evaluation meets reality: who got in outside the policies you thought covered them, where legacy authentication slipped through, and which report-only policies were never enforced. It runs the most powerful Conditional Access evaluator we know of, evaluating every policy against every user, app, and condition.

See the full Conditional Access gap analysis

Frequently asked questions

Which Microsoft 365 logs does Senserva analyze?

Entra ID sign-in logs, the Microsoft 365 unified audit log, directory audit logs, and provisioning logs, plus security alerts. They are analyzed alongside 650+ configuration checks so risky activity is ranked next to misconfigurations in one view.

How far back does the sign-in log analysis go?

Senserva replays the last 14 days of sign-in activity, the Entra ID default retention period for sign-in logs. It uses that window to find risky and out-of-policy access, legacy authentication, and accounts signing in outside any Conditional Access policy.

Do I need a SIEM to use this?

No. Senserva reads the logs directly through Microsoft's APIs, read-only, and correlates them with your configuration locally. It complements a SIEM rather than replacing it, and your data stays on your machine.

What is the Conditional Access evaluation engine?

It evaluates every Conditional Access policy against every user, app, and condition using three advanced techniques, finding the gaps point-in-time checkers miss: users and apps no policy applies to, risky exclusions, legacy authentication slipping through, and report-only policies that were never enforced.

See your logs and your config, together

Get going. No registration, no access to your tenant, and see how Senserva correlates logs, configuration, and CVEs into one ranked view.

Download and go

See the full product

Patching across Intune, Windows Autopatch, Defender, Azure, and your endpoint managers: see Senserva patching in action.