|
19 | 19 | <a href="https://www.powershellgallery.com/packages/monkey365"><img src="https://img.shields.io/powershellgallery/dt/monkey365.svg?style=flat&logo=powershell&label=PSGallery%20Download" alt="PowerShell Gallery Downloads"></a> |
20 | 20 | </p> |
21 | 21 |
|
22 | | -Monkey365 is an open-source security assessment tool for Microsoft 365, Azure, and Microsoft Entra ID. It helps administrators, consultants, and security professionals identify misconfigurations, review cloud security posture, and evaluate environments against industry security best practices and compliance standards. |
| 22 | +Monkey365 is an open-source security assessment framework for Microsoft 365, Azure, and Microsoft Entra ID. It helps security professionals, consultants, administrators, and incident responders identify misconfigurations, review cloud security posture, and evaluate environments against industry security best practices and compliance standards. |
23 | 23 |
|
24 | | -Monkey365 is designed to simplify Microsoft cloud security assessments without requiring users to learn complex APIs or navigate multiple administration portals. |
| 24 | +Monkey365 is designed to simplify Microsoft cloud security assessments without requiring users to learn complex APIs, install multiple Microsoft modules, or navigate different administration portals. |
25 | 25 |
|
26 | 26 | --- |
27 | 27 |
|
28 | 28 | # Features |
29 | 29 |
|
30 | 30 | - Self-contained PowerShell module with bundled dependencies |
31 | | -- No external module installation required |
32 | | -- No additional Microsoft PowerShell modules required |
33 | | -- No dependency on common external modules such as: |
34 | | - - ExchangeOnlineManagement |
35 | | - - Az PowerShell / Azure CLI |
36 | | - - Microsoft Graph PowerShell SDK |
37 | | -- Security posture assessment for Microsoft 365, Azure, and Microsoft Entra ID |
| 31 | +- No dependency on external Microsoft modules or tools, including ExchangeOnlineManagement, Az PowerShell / Azure CLI, or the Microsoft Graph PowerShell SDK |
| 32 | +- Security posture assessment for: |
| 33 | + - Microsoft 365 |
| 34 | + - Azure |
| 35 | + - Microsoft Entra ID |
38 | 36 | - Coverage for major Microsoft 365 services including: |
39 | 37 | - Exchange Online |
40 | 38 | - SharePoint Online |
41 | 39 | - Microsoft Teams |
42 | 40 | - Microsoft Purview |
43 | 41 | - Microsoft Fabric |
| 42 | +- Supports multiple authentication methods including: |
| 43 | + - Interactive authentication |
| 44 | + - MFA-enabled authentication |
| 45 | + - Service principals |
| 46 | + - Certificate-based authentication |
| 47 | + - Direct access token authentication |
44 | 48 | - CIS benchmark and compliance checks |
45 | | -- HTML, JSON, and CSV reporting |
| 49 | +- Structured HTML, JSON, and CSV reporting suitable for automation and analysis workflows |
46 | 50 | - Support for Azure Public, China, and Government cloud environments |
47 | 51 | - Collector-based and extensible architecture |
48 | | -- Easy deployment across workstations, jump boxes, and assessment environments |
| 52 | +- Easy deployment across workstations, jump boxes, automation pipelines, and assessment environments |
49 | 53 |
|
50 | 54 | --- |
51 | 55 |
|
@@ -157,6 +161,28 @@ Import-Module C:\temp\monkey365 -Force |
157 | 161 |
|
158 | 162 | --- |
159 | 163 |
|
| 164 | +# Authentication |
| 165 | + |
| 166 | +Monkey365 supports multiple authentication methods for both interactive and automated assessments. |
| 167 | + |
| 168 | +Supported authentication workflows include: |
| 169 | + |
| 170 | +- Interactive authentication |
| 171 | +- MFA-enabled authentication |
| 172 | +- Service principals |
| 173 | +- Certificate-based authentication |
| 174 | +- Direct access token authentication |
| 175 | + |
| 176 | +Authentication documentation: |
| 177 | + |
| 178 | +- Authentication overview |
| 179 | + https://silverhack.github.io/monkey365/authentication/overview/ |
| 180 | + |
| 181 | +- Access token authentication |
| 182 | + https://silverhack.github.io/monkey365/authentication/access_token/ |
| 183 | + |
| 184 | +--- |
| 185 | + |
160 | 186 | # Basic Usage |
161 | 187 |
|
162 | 188 | Display available command options: |
@@ -224,11 +250,17 @@ Invoke-Monkey365 @options |
224 | 250 |
|
225 | 251 | # Regulatory Compliance Checks |
226 | 252 |
|
227 | | -Monkey365 helps streamline Microsoft 365, Azure, and Microsoft Entra ID security reviews through hundreds of built-in checks aligned with industry security best practices. |
| 253 | +Monkey365 includes hundreds of built-in checks aligned with industry security best practices and compliance frameworks for Microsoft cloud environments. |
| 254 | + |
| 255 | +The framework helps organizations: |
228 | 256 |
|
229 | | -The tool helps consultants, administrators, and security teams identify security gaps, validate tenant configurations, and assess risk exposure across cloud environments. |
| 257 | +- Identify security gaps |
| 258 | +- Review cloud configuration posture |
| 259 | +- Validate tenant hardening |
| 260 | +- Analyze identity and access controls |
| 261 | +- Assess compliance readiness |
230 | 262 |
|
231 | | -Assessment reports include structured and actionable data for rapid analysis and verification. |
| 263 | +Assessment reports include structured findings and remediation guidance for rapid analysis and verification. |
232 | 264 |
|
233 | 265 | <p align="center"> |
234 | 266 | <img src="https://silverhack.github.io/monkey365/assets/images/htmlreport.png" /> |
|
0 commit comments