The Microsoft AI surface Senserva scans
Microsoft's agent model has a three-level hierarchy: an agent identity blueprint defines a permission template, agent identities (service principals) run under it, and users are bound to those identities. Permissions inherit down the chain, which is exactly where risk hides. Senserva walks all three levels.
Deterministic agent auditing, from real tenant data
These checks read live configuration from Microsoft Graph and report exactly what is there. This is the core of Microsoft AI security: knowing precisely what your agents can reach.
| Check | What it inspects | Severity |
|---|---|---|
| Least privilege for agent functions | Inheritable scopes on agent blueprints, flagged when an agent can do more than its job needs. | High |
| High-risk scopes on agent blueprints | Inherited scopes checked against high-risk Graph permissions such as Directory.ReadWrite.All and RoleManagement.ReadWrite.Directory. | High |
| Agent identity blueprints discovered | Every blueprint in the tenant, with its display name and inherited scopes. | Medium |
| Inheritable permissions on blueprints | The presence and content of inheritable permissions that propagate to every agent and user under a blueprint. | Medium |
| Agent identities (service principals) | The service principals running as agents under each blueprint, with their granted OAuth scopes. | Medium |
| Agent users | User accounts bound to an agent identity, inheriting its permissions. | Medium |
High-risk scopes Senserva flags include Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory, Application.ReadWrite.All, Mail.Send, Files.ReadWrite.All, Sites.ReadWrite.All, Policy.ReadWrite.ConditionalAccess, and PrivilegedAccess.ReadWrite.AzureAD, among others.
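The inheritance walk described above, as an added example that is not Senserva's code: it takes a constructed three-level inventory and reports, for each high-risk scope named on this page, whether it reaches an agent through the blueprint or through a direct grant, and which users pick it up. The dictionary field names and the sample tenant are assumptions for illustration, not a Microsoft Graph schema.

```python
# High-risk Graph scopes named on this page (the page lists these "among others").
HIGH_RISK = {
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All", "Mail.Send", "Files.ReadWrite.All",
    "Sites.ReadWrite.All", "Policy.ReadWrite.ConditionalAccess",
    "PrivilegedAccess.ReadWrite.AzureAD",
}

# Constructed sample inventory; field names are hypothetical.
TENANT = [
    {"blueprint": "hr-helper", "inheritable": ["User.Read.All", "Mail.Send"],
     "identities": [
         {"name": "hr-agent-01", "granted": ["Calendars.Read"],
          "users": ["hr-bot@contoso.example"]},
         {"name": "hr-agent-02", "granted": ["Directory.ReadWrite.All"],
          "users": []},
     ]},
    {"blueprint": "faq-bot", "inheritable": ["User.Read"],
     "identities": [
         {"name": "faq-agent-01", "granted": [], "users": ["faq@contoso.example"]},
     ]},
]

def audit(tenant, high_risk=HIGH_RISK):
    """Walk blueprint -> agent identity -> agent user.

    Returns (level, principal, scope, origin) tuples for every high-risk scope.
    """
    findings = []
    for bp in tenant:
        inherited = set(bp["inheritable"])
        for scope in sorted(inherited & high_risk):
            findings.append(("blueprint", bp["blueprint"], scope, "inheritable"))
        for ident in bp["identities"]:
            # Effective reach = scopes inherited from the blueprint + direct grants.
            effective = inherited | set(ident["granted"])
            for scope in sorted(effective & high_risk):
                origin = ("inherited:" + bp["blueprint"]
                          if scope in inherited else "direct grant")
                findings.append(("identity", ident["name"], scope, origin))
                # Users bound to the identity pick up the same scope.
                for user in ident["users"]:
                    findings.append(("user", user, scope, "via " + ident["name"]))
    return findings

if __name__ == "__main__":
    for level, principal, scope, origin in audit(TENANT):
        print(f"{level:9} {principal:24} {scope:26} {origin}")
```

Recording the origin matters for remediation: a scope inherited from the blueprint has to be removed at the blueprint, while a direct grant is fixed on the single service principal.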
AI governance controls Senserva tracks
Beyond permissions, Senserva tracks the governance controls that keep AI safe to use. Where Microsoft Graph exposes the setting, the check is deterministic. Where it does not yet, Senserva raises the control as a finding to verify, so it stays on the radar instead of being forgotten.
| Control | What it covers | Severity |
|---|---|---|
| Use of approved models | Only vetted AI models in use, to limit data leakage and unsafe generations. | Medium |
| Multi-layered content filtering | Filtering on AI inputs and outputs to blunt jailbreaks and prompt injection. | Medium |
| Safety meta-prompts on agents | System prompts that keep agents from following adversarial instructions. | Medium |
| Human in the loop | Approval gates before high-impact AI-driven actions are carried out. | Medium |
| Monitoring and detection | Telemetry on AI workloads so unsafe behavior can be seen and reviewed. | Medium |
| Continuous red teaming | Ongoing adversarial testing of AI deployments against new bypass techniques. | Informational |
Why this matters
An AI agent is an identity with permissions and an instruction-following brain. If it is over-privileged, a single prompt injection can turn it into a path to read mail, change roles, or move data, with no human in the loop. The defense is the same discipline Senserva already applies to the rest of the tenant: least privilege, visibility, and proof.
- See every agent identity and exactly what it can reach, ranked by risk.
- Catch high-risk Graph scopes on agents before an attacker does.
- Keep the governance controls visible, so AI use stays reviewable and audit-ready.
Govern the AI you run, prove the AI you ship
Microsoft AI security is one half of AI governance. The other is running your own AI responsibly, which is how every Senserva AI feature is built. For the standards view, see how this maps to ISO/IEC 42001, and for the model and data posture, see Senserva Trustworthy AI.