Maester is back with one of its biggest release since launch. In this episode, we are joined by Sam Erde, Architect at Patriot Consulting and one of Maester’s core maintainers, to walk through everything that’s landed in Maester 2.1.
Since the December release, the community has shipped 540 new commits, grown the test suite from 128 to 168 tests, and added coverage across entirely new product areas.
Here’s a taste of what’s covered:
🤖 Securing Your AI Agents (Copilot Studio) With Microsoft’s Agent 365 going GA and organisations rapidly deploying Copilot Studio agents, Maester now includes tests based directly on Microsoft’s own recommendations for securing agents. Think orphaned agents with no owner, missing authentication on MCP connections, dormant agents, risky HTTP configurations, and agents shared too broadly. If you’re deploying agents in your tenant, these tests should be running.
🔧 AI That Writes Its Own Security Tests One of the most exciting developments in this release isn’t a test, it’s a custom AI skill that writes Maester tests for you. Sam built a GitHub Copilot agent skill that understands Maester’s structure, coding conventions, and contributor guide. You describe a security check in plain English, and within minutes you get a properly structured test, helpers, and documentation. No VS Code required! You can do it straight from GitHub’s Agents tab or even the mobile app. The barrier to contributing to Maester just got a lot lower.
🛡️ Defender for Endpoint Coverage Maester now includes 24 community-contributed MDE tests covering antivirus configuration, endpoint policy posture, cloud protection, behaviour monitoring, and PUA protection. Getting these tests into shape required the new AI skill to refactor months of pending work and it delivered.
🔑 Azure DevOps Security (37+ New Tests) With AI-generated code accelerating supply chain risks, securing your DevOps pipeline has never been more critical. Maester 2.1 ships with 37+ new Azure DevOps tests, checking OAuth config, PAT token policies, external guest access, collection admin hygiene, and more.
🔗 Linked Identity Checks for Privileged Accounts A new test surfaces a common blind spot: privileged admin accounts that remain active after their linked standard user account is disabled. If someone leaves your organisation and their cloud admin account stays enabled, Maester will now catch it.
📋 CIS Benchmark Refresh & Conditional Access Improvements Community contributor Morten has refreshed the CIS benchmark tests to reflect the latest changes, plus improved the logic behind several conditional access policy checks — including automated tracking of Entra ID roles used in XSPM and commercial access quality checks.
There’s a lot more covered in the full episode, including multi-tenant reporting updates, the new dev container for contributors, a surprisingly entertaining story about two AI models dissing each other’s code reviews, and a teaser for what’s coming in the next release.
👉 Listen to the full episode for the deep dives, the war stories behind getting community PRs across the line, and Merill and Sam’s take on where AI fits into the future of security testing.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Sam Erde
Sam is an Architect at Patriot Consulting who focuses on performing security assessments, securing and deploying Microsoft 365, and writing PowerShell. He has been a critical pillar for the Maester community over the last year, helping heavily refactor the codebase and streamlining community contributions.
LinkedIn - https://www.linkedin.com/in/samerde/
Sponsored by:
Would you bet your reputation on your current Microsoft 365 security posture?
Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.
But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.
You could assume it’s fine.
Or you could run the Microsoft 365 Security Posture Check.
It’s free.
It runs locally.
And no, it doesn’t send your tenant data back to us.
We’ll even help you set it up.
🔗 Related Links
What’s new in Maester 2.1.0 - https://maester.dev/blog/whats-new-since-maester-2-0
📗 Chapters
00:00 Intro
05:49 Securing Copilot Studio & AI Agents
08:53 The Challenge with Defender for Endpoint Tests
013:39 Using AI to Automate Writing Security Tests
22:30 Dev Containers for Easy Contributions
24:58 New Azure DevOps Security Checks
31:02 Multi-Tenant Reporting & Xbox’s Secret
37:00 Active Directory Tests & The Future of Hybrid
43:00 The Long-Term Vision for Maester
54:48 CIS Benchmarks & Linked Identity Tests
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
