https://nicolasuter.ch/tags/maester/Recent content in Maester on Nicola SuterHugo -- gohugo.ioen-US© 2026 Nicola SuterThu, 04 Dec 2025 20:00:07 +0000https://nicolasuter.ch/maester-tests-intune/Thu, 04 Dec 2025 20:00:07 +0000https://nicolasuter.ch/maester-tests-intune/<p>Did you know that the <a href="https://maester.dev/" target="_blank" rel="noreferrer">maester</a> framework now supports Microsoft Intune checks? In this blog post, I&rsquo;ll give you a quick overview of the new capabilities and how to get started.</p> <h2 class="relative group">About Maester <div id="about-maester" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#about-maester" aria-label="Anchor">#</a> </span> </h2> <p>Maester is an open-source security assessment framework that helps you evaluate the security posture of your Microsoft Entra ID and Microsoft 365 environments. It provides a collection of tests that can be run against your tenant to identify potential misconfigurations and security risks.</p> <p>After executing the tests, maester generates a detailed report that highlights the findings and provides recommendations for remediation:</p> <figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="Maester Example" src="https://nicolasuter.ch/content/images/2025/maester-demo.jpeg" ></figure> <h2 class="relative group">Intune Related Checks <div id="intune-related-checks" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#intune-related-checks" aria-label="Anchor">#</a> </span> </h2> <p>The great thing about maester is that it&rsquo;s highly extensible, allowing you to add custom tests and checks based on your specific requirements. To share some Intune best practices with the community, I contributed a set of Intune related checks to the maester framework.</p> <p>The following Intune checks are now available in maester:</p> <ul> <li>MT.1090 - Global administrator role should not be added as local administrator on the device during Microsoft Entra join</li> <li>MT.1091 - Registering user should not be added as local administrator on the device during Microsoft Entra join</li> <li>MT.1092 - Intune APNS certificate should be valid for more than 30 days</li> <li>MT.1093 - Apple Automated Device Enrollment Tokens should be valid for more than 30 days</li> <li>MT.1094 - Apple Volume Purchase Program Tokens should be valid for more than 30 days</li> <li>MT.1095 - Android Enterprise account connection should be healthy</li> <li>MT.1096 - Ensure at least one Intune Multi Admin Approval policy is configured</li> <li>MT.1097 - Ensure all Intune Certificate Connectors are healthy and running supported versions</li> <li>MT.1098 - Mobile Threat Defense Connectors should be healthy</li> <li>MT.1099 - Windows Diagnostic Data Processing should be enabled</li> <li>MT.1100 - Intune Diagnostic Settings should include Audit Logs</li> <li>MT.1101 - Default Branding Profile should be customized</li> <li>MT.1102 - Windows Feature Update Policy Settings should not reference end of support builds</li> <li>MT.1103 - Ensure Intune RBAC groups are protected by Restricted Management Administrative Units or Role Assignable groups</li> <li>MT.1105 - Ensure MDM Authority is set to Intune</li> </ul> <h3 class="relative group">Example <div id="example" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#example" aria-label="Anchor">#</a> </span> </h3> <p>To run the tests you can simply run:</p>