Skip to main content


Your Microsoft Security test automation framework!

Maester Demo

Ready made tests

Maester comes with a collection of ready to use tests to help you get started with validating your tenant's security configuration.


Confidently make changes

Worried about introducing changes that might break your tenant's security configuration? Run regression tests to validate every change.

Continous monitoring

Set up continous monitoring of your tenant configuration using your favorite CI/CD pipeline and alert if any test fails.

Easy to customize

Since Maester is built using Pester and Microsoft Graph, you can write your own tests to validate your tenant's security configuration.

Configuration guidance

Each test in Maester comes with details of the configuration settings and guidance on how to remediate any issues found.

Entra ID Security Config Analyzer

Maester natively integrates Entra ID Security Config Analyzer to provide a comprehensive set of Entra ID checks that map to the MITRE ATT&CK framework.

Security as Code (SaC)

Write Pester tests that encode your organization's business and security policies.

Apply modern DevSecOps practices and continously monitor critical aspects of your Microsoft cloud.
Code snippet for a custom test

Conditional Access What-If

Avoid creating loopholes in your conditional access policies and test to see the impact of a policy change before it is applied.

Identity is the new control plane! Create iron-clad tests to ensure your tenant's posture is always secure as your access policies evolve.
Code sample of a what if test

Maester Test Framework

Maester is built on top of Pester, the PowerShell test framework and super charges it with cloud capabilities and user friendly reports.

Quickly set up Maester in your environment by following the step-by-step guides we've built for you.

Bring the ease of writing tests in PowerShell to your Microsoft 365 tenant with Maester!

Architecture diagram of Maester test framework

🔥 Maester Test Reports

Get a quick snapshot of your tenant's security posture with the report generated by Maester.

The interactive click-through report lets you drill down to the details of each test.

Maester summary report

Quick remediation

Test details include direct links to the Microsoft admin portals.

Jump straight into the conditional access policy that needs to be fixed or the group that needs to be reviewed.

Screenshot of an EIDSCA test result

40+ EIDSCA Tests

Maester includes over 40+ out of the box tests from Entra ID Security Config Analyzer (EIDSCA).

EIDSCA is a part of the Microsoft Entra ID - Attack and Defense Playbook and is a collection of common attack scenarios on Microsoft Entra ID and how they can be mitigated.

Screenshot of an EIDSCA test result

Maester ❤️ GitHub

Integrate Maester with GitHub Actions to continously monitor your tenant configuration.

Build an archive history of Maester test runs against your tenant with the native workflow integration in Maester.

Use Workload Identify Federation for your automation account to connect to Microsoft Graph (no more secrets or credential rotation!).
GitHub reports

Maester 💛 Azure DevOps

Maester can be integrated with Azure DevOps Pipelines and scheduled to be run daily and when changes are introduced in your Microsoft 365 tenant.

Follow the step-by-step guide in the Maester docs to set up an automation account with Workload Identify Federation.
Azure DevOps Screenshot

Email Alerts

Set up email alerts to be delivered to your inbox with a summary of the test results.

Get notified when a change is introduced in your Microsoft 365 tenant that affects the security configuration.
Outlook email alerts