Zero Trust Assessment Tool

What is the Zero Trust Assessment Tool?

This PowerShell cmdlet tool provides essential checks to confirm a strong security baseline, preparing you for advanced features and a more resilient security posture. These checks include identity and devices, checks for data, network, infrastructure and security operations pillars are not currently included.

To learn more about the assessment, visit the Microsoft Zero Trust Assessment documentation.

How do I run the assessment?

The cmdlet can be run using the following commands:

Install-Module ZeroTrustAssessment -Scope CurrentUser
Connect-ZtAssessment
Invoke-ZtAssessment

What version of PowerShell do I need?

This app uses PowerShell 7.0 or higher. It will not run if you have a version of PowerShell below 7.0. You can download PowerShell 7.0 here

How does this app work?

This app uses Microsoft Graph to read the tenant configuration and provide recommendations on improving the end to end security configuration.

When you run the cmdlet, you will be prompted to log in to your Entra ID tenant. It is recommended to use a non-guest account for logging in. For example, if your tenant domain name is contoso.onmicrosoft.com, you should log in with an account similar to <signin-name>@contoso.onmicrosoft.com.

What options are available with this tool?

You can specify an option whether to collect telemetry on the usage of this cmdlet. The only telemetry that is collected is the Entra ID tenant id (GUID) that the cmdlet is being run against. No other personal or tenant information is collected.

The switch available is -DisableTelemetry.

What is the output generated by this app?

The report generated by the assessment includes a summary of the findings and recommendations based on your tenant configuration.

You can view an interactive demo of the report at Zero Trust Assessment Demo.