Monkey365 – PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID
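Monkey365 is a PowerShell module designed for security consultants and DevSecOps teams to automate configuration audits of Microsoft 365, Azure, and Entra ID. It runs more than 160 CIS benchmark checks and generates reports in HTML, CSV, and other formats. It supports multi-cloud coverage, custom rules, and CI/CD integration. It is easy to install and actively maintained by the community. 2025-6-16 12:0:32 Author: www.darknet.org.uk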

Monkey365 is a PowerShell module designed for security consultants and DevSecOps teams to automate configuration audits across Microsoft 365, Azure, and Entra ID. It runs over 160 CIS benchmark checks and produces structured HTML, CSV, JSON, or CLIXML reports.

The tool is collector-based, harvesting metadata via PowerShell commands, evaluating it against built-in rules, and generating assessments without requiring complex cloud API setups.

With Monkey365 you can scan for potential misconfigurations and security issues in public cloud accounts according to security best practices and compliance standards, across Azure, Microsoft Entra ID, and Microsoft 365 core applications.


Core Features

  • Multi-Cloud Coverage
    Scans across Microsoft 365 (Exchange, Teams, SharePoint), Azure subscriptions, and Entra ID in one module.
  • 160+ CIS Benchmark Rules
    Implements CIS Azure Foundations and Microsoft 365 checks out of the box, with plans to support NIST, HIPAA, GDPR, and PCI‑DSS benchmarks.
  • Flexible Output Formats
    Exports results in HTML, JSON, CSV, or CLIXML. Ideal for automation or manual review.
  • Custom Rules Support
    Allows configuration via JSON rule files or MkDocs plugins for tailored environments.
  • CI/CD Friendly Mode
    Available as a GitHub Action, enabling integration into pipelines to detect misconfigurations early.

Install and Get Started

Install from PowerShell Gallery:

Install-Module -Name monkey365 -Scope CurrentUser

Import-Module monkey365

Check available commands:

Get-Command -Module monkey365

Get-Help Invoke-Monkey365 -Detailed

Run a basic Azure scan:

Invoke-Monkey365 -Instance Azure `
  -Collect VirtualMachines,KeyVault,StorageAccounts `
  -IncludeEntraID `
  -ExportTo HTML

The output includes a dashboard-style HTML report with pass/fail indicators for each compliance check.


Community & Maintenance

  • Stars: ~1 000, Forks: 109, actively maintained with regular updates and beta releases.
  • Discussions track feature requests, such as updating to CIS v3 and improving output formatting.

Final Thoughts

Monkey365 fills a niche for teams that need a portable, scriptable, and benchmark-driven security scanner across Microsoft cloud environments. Its flexibility, compliance focus, and avoidance of commercial dependencies make it a strong candidate for consultants, DevOps teams, and auditors.

You can read more or download Monkey365 here: https://github.com/silverhack/monkey365

Article source: https://www.darknet.org.uk/2025/06/monkey365-powershell-security-scanner-for-microsoft-365-azure-and-entra-id/