|
1 | 1 | --- |
| 2 | +title: 📦 Installation guide |
2 | 3 | sidebar_position: 1 |
3 | | -title: Introduction |
4 | 4 | --- |
5 | 5 |
|
6 | | -## What is Maester? |
| 6 | +- Install the **Maester** PowerShell module, Pester, and the out of the box tests. |
7 | 7 |
|
8 | | -Maester is a PowerShell based test automation framework to help you stay in control of your Microsoft security configuration. |
| 8 | +```powershell |
| 9 | +Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser |
| 10 | +Install-Module Maester -Scope CurrentUser |
9 | 11 |
|
10 | | -## Why Maester? |
| 12 | +md maester-tests |
| 13 | +cd maester-tests |
| 14 | +Install-MaesterTests |
| 15 | +``` |
11 | 16 |
|
12 | | -As business needs evolve, we often need to make changes to our tenant configuration. As employees come and go, new features are added, and existing features are updated. How do you ensure that a change in one area doesn't introduce a security vulnerability in another? |
| 17 | +- Sign into your Microsoft 365 tenant and run the tests. |
13 | 18 |
|
14 | | -Take for example conditional access policies. You may have a policy that requires multi-factor authentication for a group of users. What if someone accidentally deletes the group or removes users from the group? **Your conditional access policy is now ineffective.** |
| 19 | +```powershell |
| 20 | +Connect-Maester |
| 21 | +Invoke-Maester |
| 22 | +``` |
15 | 23 |
|
16 | | -Let's take another scenario that is fairly common. What if the original author of the conditional access policy leaves the company and someone else makes a change to the policy without understanding the implications? |
| 24 | +## Invoke-Maester |
17 | 25 |
|
18 | | -## How does Maester help? |
| 26 | +To learn more about the `Invoke-Maester` cmdlet including how to filter tests, and customize the run of the Pester Configuration see the [Invoke-Maester](commands/Invoke-Maester.mdx) documentation. |
19 | 27 |
|
20 | | -What if we could run a set of tests to ensure that our configuration is in compliance with our security policies? |
| 28 | +## Optional modules and permissions |
21 | 29 |
|
22 | | -That is exactly what Maester does. |
| 30 | +Maester includes optional [CISA](tests/cisa/) tests that require additional permissions and modules to run. These optional tests are skipped if the modules are not installed or there is no active connection. |
23 | 31 |
|
24 | | -:::info[Why Maester?] |
| 32 | +### Installing Azure, Exchange Online and Teams modules |
25 | 33 |
|
26 | | -Maester helps you monitor your Microsoft 365 tenant by running a set of tests to ensure your configuration is in compliance with your security policies. |
| 34 | +```powershell |
| 35 | +Install-Module Az.Accounts -Scope CurrentUser |
| 36 | +Install-Module ExchangeOnlineManagement -Scope CurrentUser |
| 37 | +Install-Module MicrosoftTeams -Scope CurrentUser |
| 38 | +``` |
27 | 39 |
|
28 | | -::: |
| 40 | +> The Security & Compliance PowerShell module is dependent on the ExchangeOnlineManagement `Connect-IPPSSession` cmdlet. |
29 | 41 |
|
30 | | -Maester provides a framework for you to bring DevOps practices to managing your Microsoft security configuration. |
| 42 | +### Connecting to Azure, Exchange and other services |
31 | 43 |
|
32 | | -* Define your security policies as code and store them in a version control system. |
33 | | -* Continuously run tests that ensure your tenant configuration is complying with the defined policies. |
34 | | -* Found an incorrect configuration? Create a new test to ensure it doesn't happen again. |
35 | | -* Write tests using [Pester](https://pester.dev/), a popular testing framework for PowerShell. |
36 | | -* Use the built-in tests to quickly get started with monitoring your tenant. |
37 | | -* Write custom tests as you introduce new configuration and codify your intent for the configuration. |
| 44 | +In order to run all the CISA tests, you need to connect to the Azure, Exchange Online, and other modules. |
38 | 45 |
|
39 | | -## Introducing Maester |
| 46 | +For a more detailed introduction to these concepts see the [Connect-Maester](connect-maester/readme.md) documentation. |
40 | 47 |
|
41 | | -This introductory session on Maester is from the [PowerShell + DevOps Global Summit 2024](https://www.powershellsummit.org/) and provides an overview of the Maester framework. |
| 48 | +Run the following command to interactively connect to the Azure, Exchange Online, and other modules. A sign in window will appear for each module. |
42 | 49 |
|
43 | | -<iframe width="640" height="360" src="https://www.youtube.com/embed/xfs02tjSU24" title="Introducing Maester: Your Microsoft 365 test automation framework by Merill Fernando" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe> |
| 50 | +```powershell |
| 51 | +Connect-Maester -Service All |
| 52 | +``` |
| 53 | + |
| 54 | +### Permissions |
| 55 | + |
| 56 | +Exchange Online implements a [role-based access control model](https://learn.microsoft.com/exchange/permissions-exo/permissions-exo). The controls these cmdlets test, require minimum roles of either of the following: |
| 57 | + |
| 58 | +- View-Only Configuration OR |
| 59 | +- O365SupportViewConfig |
| 60 | + |
| 61 | +## Next Steps |
| 62 | + |
| 63 | +- Monitoring with Maester |
| 64 | + - [Set up Maester on GitHub](monitoring/github.md) |
| 65 | + - [Set up Maester on Azure DevOps](monitoring/azure-devops.md) |
| 66 | + - [Set up Maester on Azure Container App Jobs](monitoring/azure-container-app-job.md) |
| 67 | +- Alerting with Maester |
| 68 | + - [Set up Maester email alerts](alerts/email.md) |
| 69 | + - [Set up Maester Teams alerts](alerts/teams.md) |
| 70 | + - [Set up Maester Slack alerts](alerts/slack.md) |
| 71 | +- [Writing Custom Tests](writing-tests/index.mdx) |
0 commit comments