Maester tests, rendered in Senserva

Run Invoke-Maester against your Microsoft 365, Intune, Defender, Entra ID (logs included), CVEs, and Purview tenant, pipe the JSON to Senserva, and get the same live dashboard, Senserva Trustworthy AI-enhanced HTML reports, and MCP tools you use for native scans. No second tool to learn.

See your security gaps, free

Workload coverage

Maester test tags map directly to Senserva audit groups. Every workload a Maester test covers lands in the right slice of the dashboard and the right section of the HTML report.

MS.AAD

Entra ID

Conditional Access, MFA, identity governance, app registrations.

Audit group 36 (Identity)
MS.EXO

Exchange Online

Mail flow, anti-phish, DKIM, DMARC, external sender rules.

Audit group 54 (Exchange)
MS.TEAMS

Teams

External access, meeting policy, federation, chat retention.

Audit group 55 (Teams)
MS.SHAREPOINT

SharePoint & OneDrive

External sharing, anonymous links, tenant restriction policies.

Audit group 49 (SharePoint)
MS.INTUNE

Intune

Device compliance, enrollment restrictions, configuration profiles.

Audit group 40 (Devices)

Sample report excerpt

A single Maester test after Senserva renders it. Same shape as native findings, same Senserva Trustworthy AI treatment, same compliance mapping. Drop into the HTML report, the dashboard, or the MCP response: identical.

maester-report.html . Finding 47 of 312
CRITICAL . Severity 1875 MS.EXO MAESTER

MS.EXO.2.2v2. DKIM signing is not enabled on all sending domains

Source: TestResults.json . auditGroup=54 (Exchange) . status=Failed . Pester test
Senserva Trustworthy AI · Summary

Two of your four sending domains lack DKIM signing. Without DKIM, spoofed mail from these domains bypasses downstream DMARC enforcement. Senserva's native scan confirms DMARC is set to quarantine on both, so this gap is the weakest link. Fix by enabling DKIM in Defender for Office 365, rotating keys quarterly. Matches CISA SCuBA MS.EXO.2.2v2 and satisfies NIST 800-177.

Test block
MS.EXO.2 DKIM
Pester tags
MS.EXO, Mail, Authentication
Evidence
Get-DkimSigningConfig returned Enabled=false for 2 domains
Compliance map
CISA SCuBA MS.EXO.2.2v2, NIST 800-177

Want to automate the Maester import, query findings programmatically, or wire CI pipelines? See the Senserva SDK page for importers, queries, and the full wire format.

Related: AI and automated remediation, Microsoft CVE lookup, and running it through a Senserva partner.

See the SDK

What is Maester?

Maester is a free, open-source test automation framework for Microsoft 365 and Entra ID security, created by Microsoft MVP Merill Fernando and a large community of contributors. It is built on Pester, PowerShell's testing framework, and ships hundreds of ready-made tests that check a tenant against Microsoft security recommendations, CISA SCuBA baselines, and the community's own hardening guidance. You run it with a single command, Invoke-Maester, and it returns a pass or fail for every test.

Because it is code you can read and run in a pipeline, Maester is ideal for repeatable, version-controlled verification: catch a drift the moment a Conditional Access policy changes, gate a change with a CI check, or prove a control still passes before an audit. It is one of the strongest free Microsoft 365 security tools available, and Senserva uses and recommends it.

Where Maester stops is where a posture program begins: it gives you test results, not ranked priorities, trend history, executive reporting, or the fix. That is the gap Senserva fills, without asking you to leave Maester behind.

What Senserva adds to Maester

Keep every Pester test you have. Pipe the Maester JSON into Senserva and each result becomes a first-class finding, indistinguishable from a native Senserva scan:

  • Ranked by Severity across all findings, so you fix the dangerous ones first instead of reading a flat pass/fail wall.
  • A live dashboard and HTML report an executive, a client, or an auditor can read without translation.
  • Compliance mapping to CISA SCuBA, MCSB, and NIST, turning a test run into audit evidence.
  • Senserva Trustworthy AI summaries and recommended fixes written into the report, optional and bring-your-own-model.
  • The same MCP interface, so Claude or any AI you run can query and explain your Maester results.
  • Trend history across runs, so you can prove posture is improving, not just passing today.

No second tool to learn, and no data leaves your control. Senserva complements Maester; it does not replace it. Compare it in depth on the Senserva and Maester page.

Maester: frequently asked

Is Maester free?

Yes. Maester is open source under the MIT license and free to run. You install the PowerShell module, connect to your tenant, and run Invoke-Maester. Senserva's dashboard, AI reports, and MCP tools layer on top and are also free to try, with no data leaving your control.

How do I run Maester?

Install the module (Install-Module Maester), connect to Microsoft Graph and the relevant services, then run Invoke-Maester. It executes its Pester tests against your tenant and writes results to an HTML report and a TestResults.json. Pipe that JSON to Senserva to render it as a ranked, compliance-mapped dashboard and report.

What does Maester test?

Hundreds of security checks across Entra ID (Conditional Access, MFA, identity governance), Exchange Online (mail flow, anti-phishing, DKIM, DMARC), Teams, SharePoint and OneDrive, and Intune, including the full CISA SCuBA baseline set. Each maps to a Senserva audit group when rendered.

Maester or ScubaGear, which should I use?

They are complementary. ScubaGear checks a tenant against CISA's published SCuBA baselines; Maester runs a broader, community-maintained test set (and includes SCuBA coverage) in a Pester framework built for CI. Many teams run both. Senserva renders the output of either into one ranked, compliance-mapped report. See the best Microsoft 365 audit tools.

Can I get a dashboard and reports for my Maester results?

Yes. That is exactly what this page describes: pipe the Maester JSON into Senserva and every test becomes a ranked finding in a live dashboard and a self-contained HTML report, with compliance mapping, optional AI summaries, and an MCP interface for your AI. No second tool to learn.

Does Senserva replace Maester?

No. Senserva complements Maester. Keep your Pester tests and your CI pipeline; Senserva adds the ranking, reporting, compliance evidence, remediation guidance, and AI that turn raw test output into an action plan.

Run Maester, get a Siemserva-grade report

Keep your Pester tests. Swap the bare JSON for a live dashboard, Senserva Trustworthy AI executive summary, and MCP-driven Q&A across every Microsoft 365 workload.

Patching across Intune, Windows Autopatch, Defender, Azure, and your endpoint managers: see Senserva patching in action.