CISAzureBenchmark

5.1.0

CIS Microsoft Azure Foundations Benchmark v5.0.0 Compliance Checker. Evaluates Azure subscriptions against 155 CIS controls (93 Automated + 62 Manual) covering Identity, Networking, Security, Storage, Analytics, Compute, and Management services. Generates interactive HTML dashboard, JSON, and CSV reports. Supports multi-subscription scanning with optional parallel execution (PS 7+).
Minimum PowerShell version

5.1

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name CISAzureBenchmark

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name CISAzureBenchmark

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) 2026 Mohammed Siddiqui. All rights reserved.

Package Details

Author(s)

  • Mohammed Siddiqui

Tags

CIS Azure Benchmark Security Compliance Audit Defender EntraID KeyVault NSG StorageAccount

Functions

Connect-CISAzureBenchmark Disconnect-CISAzureBenchmark Invoke-CISAzureBenchmark Get-CISControlList Export-CISReport Compare-CISBenchmarkResults Export-CISRemediationScript

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

v5.1.0 - Bug fixes, security hardening, performance, and new features
- Fixed: Section filter false positives (8.1 no longer matches 8.10, 8.11)
- Fixed: MFA fallback N+1 API storm with throttle protection and user limits
- Fixed: Score shows N/A instead of 0% when no controls were evaluated
- Fixed: Retry logic no longer matches "non-transient" as retryable
- Security: Removed SkipPublisherCheck from auto-install
- Security: Replaced manual JSON construction with safe ConvertTo-Json
- Security: Added output path validation and script injection prevention
- Security: Error messages sanitized to prevent information leakage
- Performance: Blob/file service properties pre-cached (eliminates redundant API calls)
- Performance: Graph API pagination with configurable page size
- Performance: Network Watcher location fallback uses cached resources
- Performance: Progress estimation with ETA display
- New: Centralized configuration system (ModuleConfig.psd1 + ConfigPath parameter)
- New: Compare-CISBenchmarkResults for diff/trend analysis between scans
- New: Export-CISRemediationScript for generating remediation guidance scripts
- New: SARIF v2.1.0 output format for security tool integration
- New: Resource tag-based exclusions (-ExcludeResourceTag parameter)
- New: PSGallery update checker on startup
- Quality: Magic numbers replaced with configurable values
- Quality: AuthorizationFailed-specific exception handling across all sections
- Quality: Pester test suite restored and enhanced
- New: Parallel subscription scanning (-Parallel -ThrottleLimit) for PS 7+ with PS 5.1 fallback

Version History

Version Downloads Last updated
5.1.0 (current version) 32 3/3/2026