Audit and Secure Microsoft 365 Fast with Maester
Aug 28, 2025
Jason had been hired to fix printers. A few weeks later, he was promoted to head of cyber security.
That might sound like a joke, but it happens more often than you’d think. In small businesses and growing organisations, someone in IT suddenly finds themselves with the keys to Microsoft 365 and a vague brief to “make it secure.”
Jason’s new job description involved “clicking around in the Microsoft 365 admin centre.” But then someone mentioned outbound spam policies. Another colleague brought up attack surface reduction. Someone else started talking about DKIM. Jason quickly realised he hadn’t got a clue what any of it meant.
If you have a Jason in your team, or if you are Jason, there is good news. A free open-source tool called Maester can run more than 280 security tests across your Microsoft 365 tenant and tell you exactly what is broken before the auditors do.
The Problem with Securing Microsoft 365
Microsoft 365 is a sprawling ecosystem. There is Entra ID, Exchange, SharePoint, Teams, Intune, and layers of conditional access policies. Each one has settings that can make the difference between being secure or wide open.
Most IT admins are thrown into the deep end with little guidance. Securing Microsoft 365 can feel overwhelming.
That is why Maester exists.
What is Maester?
Maester is a free PowerShell-based tool built on Pester, the testing framework. Think of it as a cyber security consultant who never sleeps, never takes a holiday, and never sends you an invoice.
Run Maester against your tenant and it will:
- Check Entra ID, Exchange, SharePoint, Teams, and more
- Perform over 280 automated tests
- Highlight what is secure and what is not
- Provide remediation guidance with links to official Microsoft documentation
For managed service providers, Maester is a quick way to audit client environments. For internal IT admins, it is like having a second pair of expert eyes on every configuration.
How Maester Works
Installation is simple. You create a folder, install PowerShell 7, grab Maester from the gallery, and connect it to your tenant with a global admin account. Within minutes, the tool runs through its library of tests and spits out a detailed interactive report.
The report does not just flag what failed. It tells you why, shows you how to fix it, and links to further resources. For example, if your tenant does not have enough global admins, Maester points you straight to the remediation steps.
You can filter the results by severity, by category, or by which tests failed. That means you can focus on the high-risk gaps first, like missing MFA requirements for risky sign-ins.
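The steps above as a single PowerShell session. This is an added example, not taken from the original post or from the Maester project; the folder name `maester-tests` and the `test-results` output path are assumptions, and the script expects to be saved and run as a file so the final exit code is usable by a scheduler.

```powershell
# Added example: first Maester run, following the steps described in this post.
# Assumed names: the 'maester-tests' folder and the 'test-results' output path.

# The post calls for PowerShell 7; stop early on Windows PowerShell 5.1.
if ($PSVersionTable.PSVersion.Major -lt 7) {
    throw "PowerShell 7 or later is required (found $($PSVersionTable.PSVersion))."
}

# Create a working folder that will hold the test files and reports.
$folder = Join-Path $HOME 'maester-tests'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Location $folder

# Install Maester (and Pester, which it is built on) from the PowerShell
# Gallery for the current user only, then download the test library.
Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
Install-Module Maester -Scope CurrentUser
Install-MaesterTests

# Interactive sign-in to the tenant. Review the consent prompt before
# accepting it so you know which permissions the session is granted.
Connect-Maester

# Run the tests. -OutputFolder sets where the report files are written;
# -PassThru also returns the results as an object for scripting.
$results = Invoke-Maester -OutputFolder (Join-Path $folder 'test-results') -PassThru

# Summarise, then list only the failed tests so they can be triaged first.
'{0} of {1} tests failed' -f $results.FailedCount, $results.TotalCount
$results.Tests |
    Where-Object Result -eq 'Failed' |
    Sort-Object Name |
    Select-Object Name, Result |
    Format-Table -AutoSize

# Non-zero exit code lets a scheduled job or pipeline flag the run.
if ($results.FailedCount -gt 0) { exit 1 }
```

The report folder describes the tenant's security gaps in detail, so store it where only the people doing the remediation can read it.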
Beyond the Basics
Maester is not just a one-off audit tool. You can:
- Export results to CSV or Excel
- Set up continuous monitoring of your tenant
- Receive alerts via email or Microsoft Teams
For MSPs, that means you can keep tabs on multiple client environments without manually checking each one. For internal IT teams, it means no more nasty surprises when the auditors arrive.
Why It Matters
Jason is not alone. Countless IT admins are promoted into cyber security roles without the training or resources to secure Microsoft 365 effectively. Maester bridges that gap. It is community-driven, free, and constantly updated.
If you want to secure your tenant quickly, audit your Microsoft 365 environment, and actually understand what needs fixing, Maester should be the first tool you install.
Because being head of cyber security should not feel like fixing printers with a new job title.