ScubaGear automates the assessment of Microsoft 365 tenant configurations against CISA's Secure Configuration Baselines using PowerShell and Open Policy Agent.
Automation to assess the state of your M365 tenant against CISA's baselines
This tool is designed for Microsoft 365 administrators who need to evaluate their tenant environments for compliance with CISA's security baselines. It automates the process of querying tenant settings, applying policy checks, and generating comprehensive compliance reports to support governance and risk management efforts.
Running ScubaGear requires appropriate permissions on the Microsoft 365 tenant, which can be interactive or non-interactive depending on the use case. Users should review the prerequisites and permissions documentation carefully before execution. The tool depends on PowerShell 5 and Windows environment compatibility. Reports generated can be used for compliance auditing and risk assessment aligned with CISA baselines.
Open a PowerShell 5 terminal on a Windows computer
Run 'Install-Module -Name ScubaGear' to install the module from PSGallery
Run 'Initialize-SCuBA' to install the minimum required dependencies
Verify installation by running 'Invoke-SCuBA -Version'Install-Module -Name ScubaGear
Installs the ScubaGear PowerShell module from the PowerShell Gallery.
Initialize-SCuBA
Installs the minimum required dependencies needed for ScubaGear to run.
Invoke-SCuBA -Version
Checks and displays the installed version of ScubaGear.
Invoke-SCuBA -ProductNames *
Runs a full assessment of all supported Microsoft 365 products in the tenant.