ScubaGear – Ensuring Microsoft 365 Security Compliance

ScubaGear is an assessment tool that verifies that a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.

Note: This documentation can be read using GitHub Pages.

Target Audience

ScubaGear is for M365 administrators who want to assess their tenant environments against CISA Secure Configuration Baselines.

Overview

ScubaGear uses a three-step process:

Step One – PowerShell code queries M365 APIs for various configuration settings.
Step Two – It then calls Open Policy Agent (OPA) to compare these settings against Rego security policies written per the baseline documents.
Step Three – Finally, it reports the results of the comparison as HTML, JSON, and CSV.

Getting Started

To install ScubaGear from PSGallery, open a PowerShell 5 terminal on a Windows computer and install the module:

# Install ScubaGear
Install-Module -Name ScubaGear

To install its dependencies:

# Install the minimum required dependencies
Initialize-SCuBA

To verify that it is installed:

# Check the version
Invoke-SCuBA -Version

To run ScubaGear:

# Assess all products
Invoke-SCuBA -ProductNames *

For more information click here.

Awesome-BEC – Unveiling A Comprehensive Resource For Business Email Compromise Investigations

November 14, 2023

In "Cyber security"

MSSprinkler – Enhancing M365 Security Through Advanced Password Testing

September 23, 2024

In "Cyber security"

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

August 21, 2025

In "Kali Linux"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.