Maester
Your Microsoft Security test automation framework!
Ready made tests
Maester comes with a collection of ready to use tests to help you get started with validating your tenant's security configuration.
Confidently make changes
Worried about introducing changes that might break your tenant's security configuration? Run regression tests to validate every change.
Continuous monitoring
Set up continuous monitoring of your tenant configuration using your favorite CI/CD pipeline and alert if any test fails.
Easy to customize
Since Maester is built using Pester and Microsoft Graph, you can write your own tests to validate your tenant's security configuration.
Configuration guidance
Each test in Maester comes with details of the configuration settings and guidance on how to remediate any issues found.
Entra ID Security Config Analyzer
Maester natively integrates Entra ID Security Config Analyzer to provide a comprehensive set of Entra ID checks that map to the MITRE ATT&CK framework.
Security as Code (SaC)
Apply modern DevSecOps practices and continuously monitor critical aspects of your Microsoft cloud.
Conditional Access What-If
Identity is the new control plane! Create iron-clad tests to ensure your tenant's posture is always secure as your access policies evolve.
Maester Test Framework
Quickly set up Maester in your environment by following the step-by-step guides we've built for you.
Bring the ease of writing tests in PowerShell to your Microsoft 365 tenant with Maester!
🔥 Maester Test Reports
The interactive click-through report lets you drill down to the details of each test.
Quick remediation
Jump straight into the conditional access policy that needs to be fixed or the group that needs to be reviewed.
40+ EIDSCA Tests
EIDSCA is a part of the Microsoft Entra ID - Attack and Defense Playbook and is a collection of common attack scenarios on Microsoft Entra ID and how they can be mitigated.
Maester ❤️ GitHub
Build an archive history of Maester test runs against your tenant with the native workflow integration in Maester.
Use Workload Identify Federation for your automation account to connect to Microsoft Graph (no more secrets or credential rotation!).
Maester 💛 Azure DevOps
Follow the step-by-step guide in the Maester docs to set up an automation account with Workload Identify Federation.
Email Alerts
Get notified when a change is introduced in your Microsoft 365 tenant that affects the security configuration.