Getting Started with Maester and Entra Security Hardening


So I’ve known about PingCastle and Purple Knight for a little while now and have used them for on-premises audits and Azure AD audits a while back. I recently stumbled on Maester, a testing framework that can be used to automate security testing of your Entra environment. I finally had some time to give it a shot: installation and configuration are straightforward and simple, and running your first sweep is, again, straightforward.

First of all, open up your PowerShell prompt and enter the following (I’ll be using a C:\Scripts folder as my base).

Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
Install-Module Maester -Scope CurrentUser
md maester-tests
cd maester-tests
Install-MaesterTests

The following is the full output, showing the install, moving into the correct folders, and then connecting to and invoking Maester for the first time.

You may be prompted to allow installations from the PS Gallery; allow them. Once it’s installed, connect Maester to your Entra tenant (Connect-Maester). The first time, you’ll be prompted to grant permissions to Microsoft Graph Command Line Tools for your organisation, so allow that. It’s an extensive list of permissions, so I’d refrain from consenting on behalf of your organisation for this one.

Once that is done, we can invoke the test scripts we installed as part of the installation process above. This runs a default set of benchmarks and tests.

Invoke-Maester

By default this will invoke all the tests available (except for Azure and Exchange Online). To add those services, we can do the following:

Install-Module Az -Scope CurrentUser
Install-Module ExchangeOnlineManagement -Scope CurrentUser
Connect-Maester -Service All

We can then run the Invoke command above to test. If you want to narrow it down to a single framework, such as CISA or EIDSCA, you can do that by simply calling the invoke command like so:

Invoke-Maester -Path ./maester-tests/CISA

or, if you want multiple frameworks:

Invoke-Maester -Tag "CISA", "EIDSCA"

Invoking the tests outputs an HTML report you can view in your browser, listing the tests that passed and failed and, more importantly, remediation information on how to fix your failures.

Maester is a super powerful tool for securing your Entra environment: you can set up a weekly automation in GitHub or Azure DevOps to run the scan and send the results via e-mail, Teams or Slack. Finally, it’s important to keep the test suite up to date, so before your next run issue the following:

Update-Module Maester -Force
Import-Module Maester
Update-MaesterTests
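To tie the steps above together, here is an added example of a script you could point a scheduled task or pipeline at. It is not from the original post or from the Maester project: it refreshes the test suite, connects, runs the CISA and EIDSCA tests, writes the HTML report into a dated folder and returns a non-zero exit code when anything fails. It assumes the C:\Scripts\maester-tests folder from the post, and uses Invoke-Maester's -OutputFolder, -NonInteractive and -PassThru parameters and the Pester result object's PassedCount/FailedCount/Failed properties; the C:\Scripts\maester-reports path is a placeholder of my own.

```powershell
# Added example (not from the original post or the Maester project):
# a scheduled Maester sweep. Assumes the folders below exist or can be created.
param(
    [string]$TestRoot   = 'C:\Scripts\maester-tests',     # folder created in the post
    [string]$ReportRoot = 'C:\Scripts\maester-reports',   # placeholder, pick your own
    [string[]]$Tags     = @('CISA', 'EIDSCA')
)

$ErrorActionPreference = 'Stop'

# Keep the module and the test suite current before every sweep
Update-Module Maester -Force
Import-Module Maester
Set-Location $TestRoot
Update-MaesterTests

# Connect to Graph plus Azure and Exchange Online, as in the post
Connect-Maester -Service All

# One report folder per run so earlier results are not overwritten
$reportFolder = Join-Path $ReportRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')
New-Item -ItemType Directory -Path $reportFolder -Force | Out-Null

# -PassThru returns the Pester result object; -NonInteractive stops the
# HTML report from being opened in a browser on a headless machine
$result = Invoke-Maester -Tag $Tags -OutputFolder $reportFolder -NonInteractive -PassThru

# Summarise the run for the scheduler's log
[pscustomobject]@{
    Passed  = $result.PassedCount
    Failed  = $result.FailedCount
    Skipped = $result.SkippedCount
    Report  = $reportFolder
} | Format-List

# Name each failed test so a regression is visible without opening the report
foreach ($test in $result.Failed) {
    Write-Warning ("FAILED: {0}" -f $test.ExpandedName)
}

# A non-zero exit code lets Task Scheduler or a pipeline mark the run as failed
if ($result.FailedCount -gt 0) { exit 1 }
exit 0
```

Connect-Maester -Service All still signs in interactively here, so this runs unattended only once you have switched the sign-in to an app registration; until then it is a one-command way to run the full sweep and keep a history of reports.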

I’ll look to post another article in the future on some automated testing and publishing results to Teams.
