
Did you hear that Maester supports Intune?

Did you know that the Maester framework now supports Microsoft Intune checks? In this blog post, I'll give you a quick overview of the new capabilities and how to get started.

About Maester

Maester is an open-source security assessment framework that helps you evaluate the security posture of your Microsoft Entra ID and Microsoft 365 environments. It provides a collection of tests that can be run against your tenant to identify potential misconfigurations and security risks. After executing the tests, Maester generates a detailed report that highlights the findings and provides recommendations for remediation.

Intune Related Checks

The great thing about Maester is that it's highly extensible, allowing you to add custom tests and checks based on your specific requirements. To share some Intune best practices with the community, I contributed a set of Intune-related checks to the Maester framework. The following Intune checks are now available in Maester:

MT.1090 - Global administrator role should not be added as local administrator on the device during Microsoft Entra join
MT.1091 - Registering user should not be added as local administrator on the device during Microsoft Entra join
MT.1092 - Intune APNS certificate should be valid for more than 30 days
MT.1093 - Apple Automated Device Enrollment Tokens should be valid for more than 30 days
MT.1094 - Apple Volume Purchase Program Tokens should be valid for more than 30 days
MT.1095 - Android Enterprise account connection should be healthy
MT.1096 - Ensure at least one Intune Multi Admin Approval policy is configured
MT.1097 - Ensure all Intune Certificate Connectors are healthy and running supported versions
MT.1098 - Mobile Threat Defense Connectors should be healthy
MT.1099 - Windows Diagnostic Data Processing should be enabled
MT.1100 - Intune Diagnostic Settings should include Audit Logs
MT.1101 - Default Branding Profile should be customized
MT.1102 - Windows Feature Update Policy Settings should not reference end of support builds
MT.1103 - Ensure Intune RBAC groups are protected by Restricted Management Administrative Units or Role Assignable groups
MT.1105 - Ensure MDM Authority is set to Intune

Example

To run the tests you can simply run: