So I’ve known about PingCastle and Purple Knight for a while now and have used them for on-premises and Azure AD audits in the past. I recently stumbled on Maester, a testing framework that can be used to automate security testing of your Entra environment. I finally had some time to give it a shot: installation and configuration are straightforward, and running your first sweep is just as simple.
First of all, open a PowerShell prompt and enter the following (I’ll be using a C:\Scripts folder as my base).
Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
Install-Module Maester -Scope CurrentUser
md maester-tests
cd maester-tests
Install-MaesterTests
The following output shows the install, changing into the correct folder, and then connecting to and invoking Maester for the first time.
You may be prompted to allow installations from the PS Gallery; allow them. Once the install has finished, connect Maester to your Entra tenant. The first time, you’ll be prompted to grant permissions to Microsoft Graph Command Line Tools for your organisation, so allow that – it’s an extensive list of permissions, so I’d refrain from consenting on behalf of your organisation for this one.
Once that is done, we can invoke the test scripts that were installed above. This runs a default set of benchmarks and tests.
Invoke-Maester
By default this will invoke all the tests available (except for those covering Azure and Exchange Online). To add those services, we can do the following:
Install-Module Az -Scope CurrentUser
Install-Module ExchangeOnlineManagement -Scope CurrentUser
Connect-Maester -Service All
We can then run the above Invoke command to test. If you want to narrow it down to a single framework such as CISA or EIDSCA, call the invoke command like so:
Invoke-Maester -Path ./maester-tests/CISA
or, if you want multiple frameworks:
Invoke-Maester -Tag "CISA", "EIDSCA"
Invoking the tests outputs an HTML report you can view in your browser, listing the tests that passed and failed and, more importantly, remediation information on how to fix the failures.
Maester is a super powerful tool to help secure your Entra environment: you can set up an automation in GitHub or Azure DevOps to run a weekly scan and send the results via e-mail, Teams or Slack. Finally, it’s important to keep the test suite up to date, so before you run it next time issue the following:
Update-Module Maester -Force
Import-Module Maester
Update-MaesterTests
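Putting the steps above together, here is an added example (my own wrapper script, not code from the post or from the Maester project) that updates the suite, connects, runs a chosen set of framework tags, writes the report to a dated folder, and returns one object per failed test so the sweep can be scheduled and reviewed without opening the HTML report. The paths and tag list are placeholders; the -OutputFolder, -PassThru and -NonInteractive parameters of Invoke-Maester, the -Path parameter of Update-MaesterTests, and the shape of the Pester run object returned by -PassThru are assumptions not confirmed by the post.

```powershell
# Added example (not from the original post): runs the steps from the post end to end
# (update the suite, connect, invoke with a set of framework tags, write the report to
# a dated folder) and returns one object per failed test so the sweep can be scheduled
# and reviewed without opening the HTML report.
# Assumptions (not confirmed by the post): Invoke-Maester's -OutputFolder, -PassThru and
# -NonInteractive parameters, the -Path parameter of Update-MaesterTests, and the Pester
# run object returned by -PassThru (PassedCount, FailedCount, SkippedCount, Failed).
param(
    [string]   $TestPath   = 'C:\Scripts\maester-tests',  # folder created by Install-MaesterTests (placeholder)
    [string[]] $Tag        = @('CISA', 'EIDSCA'),          # frameworks to run, as in the post
    [ValidateSet('Graph', 'All')]
    [string]   $Service    = 'Graph',                      # 'All' adds Azure and Exchange Online
    [string]   $ReportRoot = 'C:\Scripts\maester-reports'  # where dated report folders go (placeholder)
)

# Keep the test suite current before every run, as the post recommends.
Update-Module Maester -Force
Import-Module Maester
Update-MaesterTests -Path $TestPath   # -Path assumed; omit it when run from inside $TestPath

# One folder per run so reports can be compared over time.
$runFolder = Join-Path $ReportRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')
New-Item -ItemType Directory -Path $runFolder -Force | Out-Null

# Connect once. The Graph consent prompt described in the post appears here on first use.
Connect-Maester -Service $Service

# -PassThru (assumed) hands back the Pester run object alongside writing the HTML report.
$run = Invoke-Maester -Path $TestPath -Tag $Tag -OutputFolder $runFolder -PassThru -NonInteractive

Write-Host ("Passed: {0}  Failed: {1}  Skipped: {2}  Report: {3}" -f `
    $run.PassedCount, $run.FailedCount, $run.SkippedCount, $runFolder)

# One object per failed test; the Pester error message carries the check's failure text.
$failures = foreach ($test in $run.Failed) {
    [pscustomobject]@{
        Test   = $test.ExpandedName
        Tags   = ($test.Tag -join ',')
        Reason = ($test.ErrorRecord | Select-Object -First 1).Exception.Message
    }
}
$failures | Sort-Object Test

# Non-zero exit code so a scheduled job (GitHub, Azure DevOps) flags a run with failures.
if ($run.FailedCount -gt 0) { exit 1 } else { exit 0 }
```

Run it as a script (for example .\Invoke-MaesterSweep.ps1 -Service All to include Azure and Exchange Online once those modules are installed); the HTML report still lands in the dated folder for the remediation details, while the emitted objects and exit code are what a pipeline or scheduled task would act on.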
I’ll look to post another article in the future on some automated testing and publishing results to Teams.