Maester Maester Cloud
Start now

The portal

The portal is organized around two dimensions: time (runs and what changed between them) and Microsoft product (where the problems are). The tenant switcher in the top bar scopes every page; with one reporting tenant you'll mostly live in the single-tenant view.

Overview

Posture, failing count, products covered, and attention items at a glance — plus the drift headline, per-product coverage bars (pass / fail / skipped), the posture trend across your runs, and recent submissions. Clicking a tenant row scopes the whole portal to that tenant.

Changes

The full drift report for the latest comparable pair of runs: new failures and fixes as a table with severity, product, and standard, KPI cards, the real posture trend, and a link to the raw report the numbers came from.

Runs

Every submission, newest first: status, posture, test count, source label, and links to view the original HTML report or jump to the diff. Each run's detail page shows full provenance (who uploaded, from where, when), every parsed test with a needs-attention filter, and the stored artifacts.

Controls

Browse every assessed control from the latest run: failing / passing / skipped tabs, product filter, and search. Titles link to the relevant maester.dev documentation where available.

Reports

Every stored report artifact, downloadable — the original HTML opens in a new tab, the JSON downloads as a file. Artifacts stream through the authenticated API; there are no shareable storage links that could outlive a click.

Settings

The tenants this environment has seen, submission instructions, and the feature roadmap. Billing is managed in the Polar customer portal (your receipts and invoices live there too).

How products are derived

Every test is attributed to a Microsoft product so coverage and failures can be grouped the way your organization thinks:

  • Maester suites map by block — Entra, Intune, Exchange, Teams, Defender, plus EIDSCA → Entra, ORCA → Defender for Office 365, Azure DevOps, Exposure Management, Copilot Studio.
  • CIS controls map by section number (1 and 5 → Entra, 2 → Defender for Office 365, 3 → Purview, 4 → Intune, 6 → Exchange, 8 → Teams).
  • CISA controls map by service segment (AAD → Entra, EXO → Exchange, SHAREPOINT → SharePoint).
  • Zero Trust pillars: Identity → Entra, Devices → Intune, Network → Global Secure Access, Data → Purview, Infrastructure → Azure.
  • Anything unrecognized lands in Other rather than being guessed.