Release Highlights
Full Support for CIS Microsoft Azure Compute Benchmark 2.0
Monkey365 now includes full support for the CIS Microsoft Azure Compute Benchmark v2.0, with expanded coverage for Azure compute resources, including:
- Virtual Machines
- Virtual Machine Scale Sets
- App Services
- App Service Slots
- Function Apps
- Function App Slots
- Containers
- Additional Azure compute-related services and checks
Rules & Collectors
This release includes a major update to Azure compute benchmark coverage:
- Older rules were rewritten and cleaned up
- Added more than 100 new rules
- Improved consistency and alignment with CIS recommendations
The goal of these changes is to provide broader coverage and more accurate Azure compute security assessments.
Example Usage
You can run the CIS Azure Compute Services benchmark with the following command:
```powershell
$p = @{
    Instance = "Azure";
    Collect  = "VirtualMachines","AppServices","Containers";
    ExportTo = @('HTML');
    RuleSet  = "C:\monkey365\rules\rulesets\cis_azure_compute_services_2.0.json";
}
Invoke-Monkey365 @p
```
Cleanup & Fixes
This release also includes fixes for the following issues:
- Fixed Convert-UrlToJsDelivr to better support branches, tags, and latest-version resolution. Fixes #180. For additional information visit https://silverhack.github.io/monkey365/exporting/export-html/#assets-configuration
- Fixed jsDelivr @latest handling where HTTP 301 redirects could affect asset resolution. Fixes #179
- Fixed broken HTML report generation caused by jsDelivr redirects not being followed correctly. Fixes #178
- Fixed false positives in azure_194, where Storage Accounts configured with TLS1_2 were incorrectly marked as failed. Fixes #176
Special thanks to @tranbert and @JonasBogvad for discovering the issues.
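The azure_194 fix listed above concerns how a minimum-TLS check classifies Storage Accounts. The following is an added illustration, not Monkey365's rule code: it compares TLS versions by rank so that TLS1_2 and newer values pass a TLS1_2 baseline. The function name, the rank table and the sample accounts are assumptions made for this example; the property path follows the ARM storage account schema.

```powershell
# Added example: not Monkey365 rule code. The property path follows the ARM
# storage account schema; the four accounts below are constructed samples.
$TlsRank = @{ 'TLS1_0' = 0; 'TLS1_1' = 1; 'TLS1_2' = 2; 'TLS1_3' = 3 }

function Test-StorageMinimumTls {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,

        [ValidateSet('TLS1_0', 'TLS1_1', 'TLS1_2', 'TLS1_3')]
        [string]$Required = 'TLS1_2'
    )
    process {
        $configured = $Account.properties.minimumTlsVersion
        # An unset property means the account still accepts TLS 1.0 and later.
        $effective = if ([string]::IsNullOrEmpty($configured)) { 'TLS1_0' } else { $configured }

        $status = if (-not $TlsRank.ContainsKey($effective)) {
            'Unknown'   # unrecognised value: flag for review, never auto-pass
        }
        elseif ($TlsRank[$effective] -ge $TlsRank[$Required]) {
            'Pass'      # TLS1_2 and anything newer satisfies a TLS1_2 baseline
        }
        else {
            'Fail'
        }

        [pscustomobject]@{
            Name       = $Account.name
            Configured = $configured
            Effective  = $effective
            Status     = $status
        }
    }
}

# Constructed input shaped like ARM storage account resources.
$accounts = @'
[
  {"name":"stlegacy","properties":{}},
  {"name":"stbaseline","properties":{"minimumTlsVersion":"TLS1_2"}},
  {"name":"stnewer","properties":{"minimumTlsVersion":"TLS1_3"}},
  {"name":"stweak","properties":{"minimumTlsVersion":"TLS1_0"}}
]
'@ | ConvertFrom-Json

$accounts | Test-StorageMinimumTls | Format-Table -AutoSize
```

With the constructed input, stbaseline and stnewer report Pass, while stlegacy (property unset) and stweak report Fail.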
What's Coming Next
I'm currently working to consolidate Microsoft Entra ID checks across both Azure and Microsoft 365 assessments.
The next Monkey365 release will introduce dozens of new security checks and a dedicated ruleset designed for comprehensive Microsoft Entra ID tenancy reviews.
Upcoming coverage includes:
- App Registrations
- Conditional Access Policies
- Enterprise Applications
- Role Assignments
- Privileged Access Configurations
- Identity Security Controls
- Additional Entra-related attack surface checks
These changes are being tracked in #172.
The removed collectors tracked in #175 will return in a revised form in the next release.
- Review Microsoft Entra Checks Across Azure and Microsoft 365 Benchmarks #172
- Create Separate Benchmarks for Azure Compute #173
- Update to latest CIS Benchmarks #164
Deprecated Benchmarks
The following benchmarks are now deprecated and will be retired in a future release:
- CIS Microsoft Azure Foundations 3.0
- CIS Microsoft 365 Foundations 3.0
- CIS Microsoft 365 Foundations 4.0
- CIS Microsoft 365 Foundations 5.0
Feedback & Contributions
Please test the new release and report any issues you find.
Feedback, bug reports, and feature requests will help me to improve Monkey365.
Contributions are always welcome, especially around:
- New security checks
- Benchmark coverage
- Bug fixes
- Documentation improvements
Additional Information
For setup instructions, usage examples, available commands, and project documentation, visit:
- Project documentation: https://silverhack.github.io/monkey365/
- Project repository: https://github.com/silverhack/monkey365
- Previous release: https://github.com/silverhack/monkey365/releases/tag/v0.97
Full Changelog: v0.96.6...v0.98