Workload coverage
Maester test tags map directly to Senserva audit groups. Every workload a Maester test covers lands in the right slice of the dashboard and the right section of the HTML report.
MS.AAD
Entra ID
Conditional Access, MFA, identity governance, app registrations.
MS.EXO
Exchange Online
Mail flow, anti-phish, DKIM, DMARC, external sender rules.
MS.TEAMS
Teams
External access, meeting policy, federation, chat retention.
MS.SHAREPOINT
SharePoint & OneDrive
External sharing, anonymous links, tenant restriction policies.
MS.INTUNE
Intune
Device compliance, enrollment restrictions, configuration profiles.
Sample report excerpt
A single Maester test after Senserva renders it. Same shape as native findings, same Senserva Trustworthy AI treatment, same compliance mapping. Drop into the HTML report, the dashboard, or the MCP response: identical.
Want to automate the Maester import, query findings programmatically, or wire CI pipelines? See the Senserva SDK page for importers, queries, and the full wire format.
Related: AI and automated remediation, Microsoft CVE lookup, and running it through a Senserva partner.
See the SDKWhat is Maester?
Maester is a free, open-source test automation framework for Microsoft 365 and Entra ID security, created by Microsoft MVP Merill Fernando and a large community of contributors. It is built on Pester, PowerShell's testing framework, and ships hundreds of ready-made tests that check a tenant against Microsoft security recommendations, CISA SCuBA baselines, and the community's own hardening guidance. You run it with a single command, Invoke-Maester, and it returns a pass or fail for every test.
Because it is code you can read and run in a pipeline, Maester is ideal for repeatable, version-controlled verification: catch a drift the moment a Conditional Access policy changes, gate a change with a CI check, or prove a control still passes before an audit. It is one of the strongest free Microsoft 365 security tools available, and Senserva uses and recommends it.
Where Maester stops is where a posture program begins: it gives you test results, not ranked priorities, trend history, executive reporting, or the fix. That is the gap Senserva fills, without asking you to leave Maester behind.
What Senserva adds to Maester
Keep every Pester test you have. Pipe the Maester JSON into Senserva and each result becomes a first-class finding, indistinguishable from a native Senserva scan:
- Ranked by Severity across all findings, so you fix the dangerous ones first instead of reading a flat pass/fail wall.
- A live dashboard and HTML report an executive, a client, or an auditor can read without translation.
- Compliance mapping to CISA SCuBA, MCSB, and NIST, turning a test run into audit evidence.
- Senserva Trustworthy AI summaries and recommended fixes written into the report, optional and bring-your-own-model.
- The same MCP interface, so Claude or any AI you run can query and explain your Maester results.
- Trend history across runs, so you can prove posture is improving, not just passing today.
No second tool to learn, and no data leaves your control. Senserva complements Maester; it does not replace it. Compare it in depth on the Senserva and Maester page.
Maester: frequently asked
Yes. Maester is open source under the MIT license and free to run. You install the PowerShell module, connect to your tenant, and run Invoke-Maester. Senserva's dashboard, AI reports, and MCP tools layer on top and are also free to try, with no data leaving your control.
Install the module (Install-Module Maester), connect to Microsoft Graph and the relevant services, then run Invoke-Maester. It executes its Pester tests against your tenant and writes results to an HTML report and a TestResults.json. Pipe that JSON to Senserva to render it as a ranked, compliance-mapped dashboard and report.
Hundreds of security checks across Entra ID (Conditional Access, MFA, identity governance), Exchange Online (mail flow, anti-phishing, DKIM, DMARC), Teams, SharePoint and OneDrive, and Intune, including the full CISA SCuBA baseline set. Each maps to a Senserva audit group when rendered.
They are complementary. ScubaGear checks a tenant against CISA's published SCuBA baselines; Maester runs a broader, community-maintained test set (and includes SCuBA coverage) in a Pester framework built for CI. Many teams run both. Senserva renders the output of either into one ranked, compliance-mapped report. See the best Microsoft 365 audit tools.
Yes. That is exactly what this page describes: pipe the Maester JSON into Senserva and every test becomes a ranked finding in a live dashboard and a self-contained HTML report, with compliance mapping, optional AI summaries, and an MCP interface for your AI. No second tool to learn.
No. Senserva complements Maester. Keep your Pester tests and your CI pipeline; Senserva adds the ranking, reporting, compliance evidence, remediation guidance, and AI that turn raw test output into an action plan.