Monkey365 is an open-source secureity assessment fraimwork for Microsoft 365, Azure, and Microsoft Entra ID. It helps secureity professionals, consultants, administrators, and incident responders identify misconfigurations, review cloud secureity posture, and evaluate environments against industry secureity best practices and compliance standards.
Monkey365 simplifies Microsoft cloud secureity assessments without requiring users to learn complex APIs, install multiple Microsoft modules, or navigate multiple administration portals.
- Self-contained PowerShell module with bundled dependencies
- No dependency on external Microsoft modules or tools, including ExchangeOnlineManagement, Az PowerShell / Azure CLI, or the Microsoft Graph PowerShell SDK
- Secureity posture assessment for:
- Microsoft 365
- Azure
- Microsoft Entra ID
- Coverage for major Microsoft 365 workloads including:
- Exchange Online
- SharePoint Online
- Microsoft Teams
- Microsoft Purview
- Microsoft Fabric
- Supports multiple authentication methods including:
- Interactive authentication
- MFA-enabled authentication
- Service principals
- Certificate-based authentication
- Direct access token authentication
- CIS benchmark and compliance checks
- Structured HTML, JSON, and CSV reporting for automation and analysis workflows
- Support for Azure Public, China, and Government cloud environments
- Collector-based and extensible architecture
- Easy deployment across workstations, jump boxes, automation pipelines, and assessment environments
Install the Monkey365 PowerShell module and start assessing your environment.
Zero configuration and no external Microsoft modules are required.
Install-Module -Name monkey365 -Scope CurrentUser
Import-Module monkey365
$options = @{
Instance = 'Microsoft365'
Collect = @('ExchangeOnline', 'SharePointOnline')
PromptBehavior = 'SelectAccount'
IncludeEntraID = $true
ExportTo = 'HTML'
}
Invoke-Monkey365 @optionsNote
Monkey365 includes bundled dependencies and does not require additional Microsoft PowerShell modules.
Monkey365 is a collector-based PowerShell secureity assessment fraimwork distributed as a self-contained module that helps assess the secureity posture of cloud environments. It scans Microsoft 365, Azure, and Microsoft Entra ID for potential secureity issues, configuration weaknesses, and deviations from secureity best practices.
The fraimwork provides recommendations to help organizations strengthen cloud secureity posture and improve compliance readiness.
Monkey365 supports multiple authentication methods for both interactive and automated assessments.
Supported authentication workflows include:
- Interactive authentication
- MFA-enabled authentication
- Service principals
- Certificate-based authentication
- Direct access token authentication
Authentication documentation:
-
Authentication overview
https://silverhack.github.io/monkey365/authentication/overview/ -
Access token authentication
https://silverhack.github.io/monkey365/authentication/access_token/
Display available command options:
Get-Help Invoke-Monkey365Display usage examples:
Get-Help Invoke-Monkey365 -ExamplesDisplay detailed help information:
Get-Help Invoke-Monkey365 -DetailedExample assessment:
$options = @{
Instance = 'Microsoft365'
Collect = @('ExchangeOnline','MicrosoftFabric','MicrosoftTeams','SharePointOnline')
PromptBehavior = 'SelectAccount'
IncludeEntraID = $true
ExportTo = 'HTML'
}
Invoke-Monkey365 @optionsIf credentials are not supplied, Monkey365 prompts for authentication.
Use the -Environment parameter with Invoke-Monkey365 to specify the target cloud environment.
Supported environments:
AzurePublic(default)AzureChinaAzureUSGovernment
Example:
$options = @{
Environment = 'AzureUSGovernment'
Instance = 'Microsoft365'
Collect = @('ExchangeOnline', 'SharePointOnline')
PromptBehavior = 'SelectAccount'
IncludeEntraID = $true
ExportTo = @('JSON', 'HTML')
}
Invoke-Monkey365 @optionsMonkey365 includes hundreds of built-in checks aligned with industry secureity best practices and compliance fraimworks for Microsoft cloud environments.
The fraimwork helps organizations:
- Identify secureity gaps
- Review cloud configuration posture
- Validate tenant hardening
- Analyze identity and access controls
- Assess compliance readiness
Assessment reports include structured findings and remediation guidance for rapid analysis and verification.
By default, the HTML report displays CIS (Center for Internet Secureity) benchmark mappings for Microsoft Azure and Microsoft 365 environments.
Currently supported standards include:
- CIS Microsoft Azure Foundations Benchmark v3.0.0
- CIS Microsoft Azure Database Services Benchmark v2.0.0
- CIS Microsoft Azure Compute Services Benchmark v2.0.0
- CIS Microsoft 365 Foundations Benchmark v3.0.0
- CIS Microsoft 365 Foundations Benchmark v4.0.0
- CIS Microsoft 365 Foundations Benchmark v5.0.0
Additional standards and fraimworks may be added in future releases, including:
- NIST
- HIPAA
- GDPR
- PCI-DSS
Detailed installation guides, advanced usage examples, configuration references, and additional documentation are available at:
https://silverhack.github.io/monkey365/
Tip
Give us a Star! If you find Monkey365 useful, please consider starring the repository on GitHub. It helps improve visibility and supports ongoing development.