Just over three months ago, Merill Fernando, Fabian Bader and Thomas Naunheim released the great PowerShell-based tool Maester.
Maester is a PowerShell-based test automation framework designed to help you maintain control over your Microsoft security configurations. With Maester, you can check your Microsoft tenant configuration against best practices and make sure you don’t accidentally leave a security hole open. It should also make it easier for you to understand your tenant and its settings.
What functionalities does Maester offer?
Maester offers a framework that enables you to apply DevOps practices to the management of your Microsoft security configuration:
- Define security policies as code
- Tests can be run repeatedly against the Microsoft tenant to check compliance
- Incorrect configurations can be rectified with your own tests
- You can write your own tests with Pester
- Built-in tests for tenant monitoring purposes are available
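To show what "security policies as code" looks like in a custom Pester test, here is an added example that is not from the Maester project or the original post. It runs offline against two constructed sample policies shaped like Graph conditionalAccessPolicy objects; the second test fails on purpose because the sample legacy authentication block is only in report-only mode, which is the kind of finding such a test is meant to surface. The file name, policy names and test names are assumptions; against a live tenant the sample data would be replaced by the output of Maester's Get-MtConditionalAccessPolicy.

```powershell
# Custom.ConditionalAccess.Tests.ps1 (hypothetical file name)
# Run offline with: Invoke-Pester -Path ./Custom.ConditionalAccess.Tests.ps1 -Output Detailed
Describe "Custom conditional access baseline" -Tag "Custom", "CA" {
    BeforeAll {
        # Role template ID of the built-in Global Administrator role.
        $globalAdminRoleId = '62e90394-69f5-4237-9190-012177145e10'

        # Constructed sample data, not taken from a real tenant.
        # Against a live tenant, use instead: $policies = Get-MtConditionalAccessPolicy
        $policies = @'
[
  { "displayName": "CA001 Require MFA for admins",
    "state": "enabled",
    "conditions": { "users": { "includeRoles": ["62e90394-69f5-4237-9190-012177145e10"] } },
    "grantControls": { "builtInControls": ["mfa"] } },
  { "displayName": "CA002 Block legacy authentication",
    "state": "enabledForReportingButNotEnforced",
    "conditions": { "clientAppTypes": ["exchangeActiveSync", "other"],
                    "users": { "includeUsers": ["All"] } },
    "grantControls": { "builtInControls": ["block"] } }
]
'@ | ConvertFrom-Json
    }

    It "Requires MFA for Global Administrators with an enabled policy" {
        # Only policies in state 'enabled' are enforced at sign-in.
        $mfaForAdmins = $policies | Where-Object {
            $_.state -eq 'enabled' -and
            $_.conditions.users.includeRoles -contains $globalAdminRoleId -and
            $_.grantControls.builtInControls -contains 'mfa'
        }
        $mfaForAdmins | Should -Not -BeNullOrEmpty
    }

    It "Enforces the legacy authentication block instead of report-only" {
        # Legacy clients are targeted through the 'other' client app type.
        $legacyBlock = $policies | Where-Object {
            $_.conditions.clientAppTypes -contains 'other' -and
            $_.grantControls.builtInControls -contains 'block'
        }
        $legacyBlock | Should -Not -BeNullOrEmpty
        $legacyBlock.state | Should -Be 'enabled' -Because 'report-only policies log but do not block sign-ins'
    }
}
```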
Demo
As part of the PowerShell + DevOps Global Summit 2024, Merill Fernando presented Maester in more detail, and of course I don’t want to withhold the video from you:
Installation
In order to use Maester, the following PowerShell modules must be installed and configured:
Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
Install-Module Maester -Scope CurrentUser
md maester-tests
cd maester-tests
Install-MaesterTests
- Sign in to your Microsoft 365 tenant and run Maester tests:
Connect-Maester
Invoke-Maester
Result
As soon as the Maester test run has finished, the result is opened in a new browser window. The results are displayed in a clear HTML report that shows what is configured well on the tenant and what is configured less well and is potentially a security hole.
Summary and outlook
Maester is a very cool tool developed by the three gentlemen, which should make work easier for all of us in the future. Especially in the area of conditional access policies, but also in other areas, this is a very good tool to initially check your tenant for best practices and to monitor them later. A big thank you on my part to the creators of Maester and I look forward to many more functionalities.
Next week I will publish a blog post about the integration in Azure DevOps and how you can continuously and automatically check your tenant with Maester tests. Stay tuned.
Source: https://maester.dev/