Integration

Zero Trust Assessment, rendered in Siemserva

Take Microsoft's Invoke-ZtAssessment results and land them in the same Siemserva dashboard you already use for native scans. Same risk view, same Senserva Trustworthy AI-enhanced HTML reports and advanced analysis, same compliance mappings.

Senserva Trustworthy AI

ZTA findings, ready for your Senserva Trustworthy AI

The moment a Zero Trust Assessment lands in Siemserva, it joins the same Senserva Trustworthy AI surfaces we ship for native scans. Claude, or any Anthropic-compatible model, can read every ZTA test, reason over posture across pillars, and generate an executive brief: no extra plumbing, no separate parser, no lossy summarization.

Senserva Trustworthy AI-enhanced HTML reports

Siemserva calls the Anthropic API with your ZTA results and weaves a plain-English executive summary into the HTML report: top risks by pillar, remediation priority, and compliance posture. Bring your own ANTHROPIC_API_KEY, pick a model, done.

siemserva-win-x64.exe --reporter --ai --model claude-sonnet-4-6

MCP server, live tenant Q&A

Siemserva ships a Model Context Protocol server that exposes your ZTA and native findings as tools. Point Claude Desktop, Claude Code, or any MCP client at it and ask: "Which Identity pillar tests failed? What Catastrophic-impact items are still open? Show me the Conditional Access gaps." Claude calls the tools and returns grounded answers, no hallucination.

siemserva-win-x64.exe mcp. stdio transport. 20+ tools

Agent mode, end-to-end

Run siemserva-win-x64.exe agent and Claude drives a full agentic loop against your tenant plus the imported ZTA data. It investigates failed tests, correlates with native findings, drafts remediation plans, and writes them back as action items, all from a single prompt.

siemserva-win-x64.exe agent --ask "triage ZTA Identity failures"

The four Zero Trust pillars

Every Invoke-ZtAssessment test maps to one of four pillars. Siemserva preserves that tagging so you can filter the dashboard by pillar or drill into each one in the report.

Identity

MFA coverage, Conditional Access baselines, risk-based sign-in policy, privileged account hygiene, guest access controls.

Devices

Intune enrollment, compliance policy, device-based Conditional Access, OS patch posture, platform hardening.

Data

Sensitivity labels, DLP policy, SharePoint and OneDrive sharing posture, retention, information protection reach.

Network

Private access, named locations, trusted IP ranges, Global Secure Access posture, legacy protocol exposure.

Import in three steps

Run ZTA, hand the JSON to the Siemserva connector, view the result in the dashboard or a full HTML report.

STEP 1

Run the assessment

Install ZeroTrustAssessment from the PowerShell Gallery and run Invoke-ZtAssessment against your tenant.

STEP 2

Convert to Siemserva

Pipe the ZTA JSON through ConvertTo-SiemservaNdjson.ps1 to produce the shared wire format.

STEP 3

Render anywhere

Pipe to siemserva-win-x64.exe --reporter for an HTML report or add --dashboard for the live TUI.

powershell. zta-import.ps1
# Option 1. Full HTML report
PS> .\ConvertTo-SiemservaNdjson.ps1 -Path ZeroTrustAssessment.json -Stdout `
| siemserva-win-x64.exe --reporter --out zta-report.html
# Option 2. Live dashboard
PS> .\ConvertTo-SiemservaNdjson.ps1 -Path ZeroTrustAssessment.json -Stdout `
| siemserva-win-x64.exe --reporter --dashboard

Sample report excerpt

What a single ZTA finding looks like after Siemserva renders it, complete with Senserva Trustworthy AI summary, pillar tag, Severity, and remediation. This is the same shape native Siemserva findings use, so every dashboard filter and report surface works identically.

zta-report.html . Finding 012 of 184
CRITICAL . Severity 1875 IDENTITY PILLAR ZTA

MFAEnforced. MFA is not enforced for all admin roles

Source: ZeroTrustAssessment.json . auditGroup=36 (Identity) . status=Failed
Senserva Trustworthy AI · Summary

Three Global Administrator accounts in this tenant lack MFA enforcement via Conditional Access. TestImpact is Catastrophic because a single credential compromise grants full tenant control. Fix by assigning the Microsoft-managed MFA baseline policy or creating a Conditional Access policy that requires MFA for the Directory Role: Global Administrator target.

Only Siemserva sees this

Siemserva's native scan confirms two of these accounts have Graph API permissions capable of elevating other users.

ZTA surfaces the MFA gap. Siemserva's graph reveals the hidden escalation path that turns a missed control into a tenant-wide takeover.

Implementation cost
Low. Template policy available.
Minimum license
Entra ID P1
Tags
Authentication, Credential, ConditionalAccess
Compliance map
NIST 800-53 IA-2, MCSB IM-6

Point ZTA at Siemserva for a full-fidelity report

Run Microsoft's Zero Trust Assessment, hand the JSON to Siemserva, and get a dashboard, an HTML report, Senserva Trustworthy AI summaries, and live MCP tools. One import, every surface.

Get Siemserva See Senserva Patch Manager integration
From the blog

Reading from the Senserva team.

Latest post

Read the Senserva blog

Microsoft 365 and Entra ID security commentary, research notes, and behind-the-scenes posts from the Senserva team.
Recent

Architecture and check deep-dives

How Siemserva is built, how the graph is modeled, and how Senserva Trustworthy AI turns raw findings into validated answers.
From the team

Research, releases, and customer stories

New posts from the Senserva team. Subscribe on blog.senserva.com or follow along for the latest.
See all posts