Incident Response
Shared Responsibility Shapes the Response Model
Because Sensei IQ runs inside your Microsoft 365 tenant, the incident response model differs from traditional SaaS. The critical distinction is that most of the detection, containment, and investigation tooling available for Sensei IQ data is in your tenant — not Sensei's.
This is a feature, not a limitation. It means your security team has direct access to the tools needed to investigate and respond to incidents involving Sensei IQ without depending on Sensei to provide logs or evidence. Your organization is in control.
Understanding what Sensei is responsible for — versus what Microsoft's platform handles and what your organization owns — is essential context for any incident scenario.
Sensei's Incident Response Process
For incidents affecting Sensei's internal systems (our development environment, source control, deployment infrastructure, internal corporate systems), Sensei follows a seven-step process aligned with NIST SP 800-61:
| Step | Action |
|---|---|
| 1. Detect | Identify the incident through monitoring alerts, system logs, or reported anomalies |
| 2. Contain | Limit exposure — isolate affected systems, revoke compromised credentials, block affected service principals |
| 3. Escalate | Notify Sensei leadership (Director of Products & Solutions, CTO) and engage appropriate response teams |
| 4. Assess | Determine the nature, scope, and severity of the incident; identify what systems or data were affected |
| 5. Act | Remediate the root cause — patch vulnerabilities, rotate secrets, restore clean system state |
| 6. Notify | Communicate with affected parties as required — including clients if a Sensei-internal incident could affect them |
| 7. Review | Conduct a post-incident retrospective; document findings and update controls to prevent recurrence |
Incidents are overseen jointly by Sensei's Director of Products & Solutions and CTO. All significant incidents are documented and retained.
Client Tenant Incidents
For incidents affecting data within a client's Dataverse environment, the response is primarily driven by the client's own security team using Microsoft's platform tools:
Detection:
- Unusual activity in Dataverse is surfaced through Microsoft Purview Audit Logs and Power Platform Admin Center activity reporting
- Anomalous sign-in patterns are detected through Microsoft Entra ID sign-in logs and Conditional Access alerts
- Broader M365 threat detection is available via Microsoft Defender for Cloud Apps and Microsoft Sentinel (if configured by the client)
Containment:
- Compromised user accounts can be blocked, or have their passwords reset, directly in Entra ID by your administrators
- Service principal access can be revoked immediately from the Entra ID app registrations portal
- Power Platform environment admin tools allow administrators to restrict or suspend access to Dataverse
Sensei's role in client tenant incidents:
- If Sensei is notified of an incident in a client environment (e.g., by the client or through Microsoft), we will respond promptly to support the client's investigation
- We can provide information about expected service principal activity, expected data access patterns, and recent deployment changes that may be relevant
- We do not have independent visibility into client tenant logs — we rely on information shared by the client or Microsoft
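One way a client security team could apply the expected-activity information described above is to check service principal sign-in records exported from Entra ID against that baseline. This is an added example, not code from Sensei or Microsoft; the app ID, networks, resource names, deployment window, and log records are all constructed, and the record field names assume the Entra ID sign-in log export format.

```python
import ipaddress
from datetime import datetime

# Constructed baseline: what the vendor states its service principal normally does.
# Every value here is a placeholder, not a real Sensei IQ identifier.
APP = "00000000-0000-0000-0000-00000000aaaa"
BASELINE = {
    "app_id": APP,
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
    "resources": {"Dataverse"},
    "hours_utc": range(1, 5),  # expected activity window, 01:00-04:59 UTC
}

# Constructed sample records (field names are an assumption about the export).
SIGN_INS = [
    {"createdDateTime": "2024-05-02T02:14:09Z", "appId": APP, "ipAddress": "203.0.113.10", "resourceDisplayName": "Dataverse"},
    {"createdDateTime": "2024-05-02T14:30:00Z", "appId": APP, "ipAddress": "203.0.113.10", "resourceDisplayName": "Dataverse"},
    {"createdDateTime": "2024-05-03T03:05:41Z", "appId": APP, "ipAddress": "198.51.100.7", "resourceDisplayName": "Microsoft Graph"},
    {"createdDateTime": "2024-05-03T03:06:00Z", "appId": "other-app", "ipAddress": "198.51.100.7", "resourceDisplayName": "Dataverse"},
]

def deviations(record, baseline=BASELINE):
    """Return the ways one sign-in record departs from the expected baseline."""
    reasons = []
    ip = ipaddress.ip_address(record["ipAddress"])
    if not any(ip in net for net in baseline["networks"]):
        reasons.append("unexpected source IP")
    if record["resourceDisplayName"] not in baseline["resources"]:
        reasons.append("unexpected resource")
    ts = datetime.strptime(record["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
    if ts.hour not in baseline["hours_utc"]:
        reasons.append("outside expected window")
    return reasons

def triage(records, baseline=BASELINE):
    """Map timestamp -> reasons for each sign-in by the baseline app that deviates."""
    findings = {}
    for rec in records:
        if rec["appId"] != baseline["app_id"]:
            continue  # only the service principal under review
        reasons = deviations(rec, baseline)
        if reasons:
            findings[rec["createdDateTime"]] = reasons
    return findings

if __name__ == "__main__":
    for when, why in triage(SIGN_INS).items():
        print(when, "; ".join(why))
```

Records flagged this way are leads for the investigation, to be confirmed against the expected-activity details the vendor supplies.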
Business Continuity & Release Management
Sensei maintains release resilience through a structured quarterly release backup process. Every production release of Sensei IQ is backed up to a secure, isolated storage location containing:
- Source code snapshot — the exact codebase state at the time of release
- Deployment artifacts — compiled and packaged solution files used for deployment
- CI/CD pipeline definitions — pipeline YAML files required to recreate the build and deployment process
- Release documentation — release notes, branch information, and known issues
This release vault enables Sensei to recover from scenarios such as:
- Accidental repository or branch deletion
- CI/CD pipeline misconfiguration or data loss
- Emergency rollback to a previously known-good release
- Source control service outage
Client-side business continuity for Sensei IQ data is governed by Microsoft Power Platform's built-in backup capabilities. Power Platform environments have automatic backup and point-in-time restore functionality, which your administrators can access through the Power Platform Admin Center. Sensei does not manage or configure these backups — they are a platform feature available to every client.
Vulnerability Disclosure
If you discover a potential security vulnerability in Sensei IQ, please contact us at security@senseiprojectsolutions.com. We will:
- Acknowledge your report promptly
- Investigate the reported issue
- Keep you informed of our findings and remediation timeline
- Credit your discovery (with your permission) in our release notes
We ask that you allow us a reasonable period to investigate and remediate before public disclosure. We are committed to transparent, responsible handling of security disclosures.