Maester Maester Cloud
Start now
Cloud, self-hosted and air-gapped ready

Know what changed in your Microsoft 365 security posture.

Send Maester and Microsoft Zero Trust Assessment results to a hosted portal that keeps five years of history, highlights drift between runs, and alerts you when the config drifts.

Start now
contoso.maester.cloud
Maester Cloud evidence ledger — changes since last run (placeholder screenshot)
Open source. Built together. Your subscription helps keep the Maester tests open, maintained, and aligned with evolving standards like CIS and CISA — raising the bar for everyone, hosted or self-hosted. Read the manifesto
The platform

One workspace for your security evidence

History, drift, alerts, and a team portal — the layers that turn a one-off scan into a standing record.

Five-year evidence history

Every Maester and Zero Trust Assessment result, archived daily and searchable for five years. Prove posture at any point in time.

  • Placeholder bullet one
  • Placeholder bullet two
  • Placeholder bullet three
Start now →
Five-year evidence history (placeholder)

Trusted by security teams who run Maester

IKEA

“Placeholder customer story — replace with a real quote and outcome.”

Security lead · placeholder Read story →
Contoso

“Placeholder customer story — replace with a real quote and outcome.”

Identity team · placeholder Read story →
Fabrikam

“Placeholder customer story — replace with a real quote and outcome.”

MSP · placeholder Read story →
Audit history · agent era

Evidence that knows what changed, and who changed it

Agents now reconfigure Microsoft 365 on their own. Maester Cloud keeps a dated, immutable record so every drift has an owner, a run ID, and a before/after.

1. Pin drift to a run

Every change links to a date, run ID, and the prior result — placeholder description.

2. Evidence auditors accept

Five years of JSON + HTML archived in your region — placeholder description.

3. Accept risk on purpose

Record a decision once; it carries forward across runs — placeholder description.

Change detail (placeholder)

How it works

Run Maester wherever your team works. Maester Cloud turns every result into durable evidence, drift insights, and alerts.

Start now Talk to setup →
Core capabilities

Flexible features for every team

Fast to set up and easy to adopt — placeholder description to replace later.

Five years of evidence

Daily history kept for five years, searchable and comparable.

Multi-tenant view

See every tenant’s posture in one place and switch between customers without re-authenticating.

Drift detection

Each run is diffed against the last — new failures, fixes, and accepted risks pinned to a date and run ID.

Change alerts

Drift notifications from your own Microsoft 365 mailbox.

Regional residency

Pick your Azure region at setup; data stays in it.

Accepted risks

Record a decision once; it carries forward across runs.

Maester & Zero Trust config

Store your Maester and Zero Trust Assessment configuration alongside results, versioned over time.

Reports & export

Raw JSON + HTML preserved, plus exports and API tokens.

Open source core

The Maester runner and tests stay open and community-led.

Your tenant. Your rules.

Monitor the configuration rules only your team knows

Write custom Maester tests in PowerShell to continuously validate tenant-specific configuration, complex conditions, and the security logic that matters to your organization.

  • Turn internal security standards into automated tests
  • Express complex rules across Microsoft 365 configuration
  • Track custom-test results, history, and drift in Maester Cloud
Learn about custom tests →
Contoso.Custom.Tests.ps1 
Describe "Contoso tenant baseline" {
  It "Protects emergency access accounts" {
    # Combine tenant-specific conditions
    $policy.excludedUsers |
      Should -Contain $breakGlassId
  }
}

Invoke-Maester -Path ./CustomTests
Maester Cloud result
Emergency access exclusions drift

One required account was removed from the policy exclusion.

Custom tests monitored
24 across this tenant

Self-host without compromise

Run Maester Cloud in your own Azure subscription, on-premises, or air-gapped environment. A paid Sponsor + Self Hosted subscription gives you access to the private repository, deployment guidance, support, and ongoing updates.

Get the source

Deploy in your environment

Run Maester Cloud in your own infrastructure and choose how it is connected and operated.

Your data, your control

Keep Maester Cloud and its report data inside the environment you manage.

Support and ongoing updates

Your subscription includes deployment guidance, support, monthly updates, and new features.

Architecture (placeholder)
Integrations

Export from wherever you run

GitHub Actions, Azure DevOps, Azure Automation, or a scheduled job — push results with one command. Placeholder copy to replace later.

Read the docs →
Integration (placeholder)
Integration (placeholder)
Integration (placeholder)
Integration (placeholder)
Security

Security and residency, built in

Placeholder description to replace later — data residency, Entra-only auth, and your own mailbox.

Regional data residency

Choose your Azure region at setup. Report data stays in-region. Placeholder.

Entra-only access

Portal access is Entra-only; you control who gets in. Placeholder.

No tenant access

Maester Cloud never reads your tenant in v1 — you send the results. Placeholder.

The evidence layer for Microsoft 365 starts here

Start now