Forum Discussion

umamasurkar28's avatar
umamasurkar28
Icon for Microsoft rankMicrosoft
Nov 18, 2025

Microsoft Zero Trust Assessment v2: Operationalizing Security with Precision

In an era where cyber threats evolve faster than ever, organizations can’t afford blind spots. Zero Trust is no longer optional it’s the foundation of modern security. With the release of the Microso...
security
security compliance toolkit
GökselATAKAN's avatar
GökselATAKAN
Copper Contributor
Nov 22, 2025

I downloaded when i see on LinkedIn and ran the Microsoft Zero Trust Assessment v2 tool with the required permissions. The results were quite good overall. it gives a clear picture of current posture and highlights gaps in Identity and Device settings.

However, I have a few observations and suggestions:

  1. It would be even more useful if it were integrated into the Defender side (like a dashboard in Microsoft Defender) rather than being a standalone PowerShell module/report.
  2. There are already many tools in this space, and one of the earlier tools, the “Maester” tool, appears to work in a very similar way in fact, I’ve heard that this new tool may even be incorporated into Maester.
  3. My suggestion: Microsoft could consider building a unified dashboard-style page that brings together all the tools that matter rather than having many separate ones. This would help in having a consolidated view and reduce tool-sprawl.

    What it does well
    • The tool automates checks across many configuration items aligned with the Zero Trust pillars, industry standards (such as NIST, CISA, CIS) and Microsoft’s internal baselines. 
    • It produces actionable recommendations and links to remediation steps; not just “here’s a problem” but “here’s how to fix it”. 
    • The tool is open-source, which gives transparency and the ability for community input. 

      Areas for improvement / limitations
    • The tool currently appears to focus first on the Identity and Devices pillars of Zero Trust. The other pillars (Applications, Data, Infrastructure/Network) are to come. 
    • Because it runs as a PowerShell module and produces a report (or HTML/Excel output), it doesn’t feel fully “native” in the central security console/dashboard of Microsoft. Some users state they expect deeper integration.
    • With many tools in the Microsoft ecosystem (and third-party tools), tool sprawl becomes a challenge. Having multiple separate assessment tools means multiple reports, consoles, possibly overlapping functionality.
    • There may be challenges around scaling and complexity: large tenants may take “several hours” to run depending on environment size.

      Overall suggestion
      Given its strengths and limitations, it seems the tool is valuable, but would gain increased adoption and usability if it were:
    • More tightly integrated into the main Microsoft security platform (e.g., visible in Defender portal)
    • Expanded to cover all Zero Trust pillars more rapidly
    • Presented via a unified dashboard that aggregates results from this and other assessments/tools (so security teams have one “pane of glass”)
    • Optimised for large/complex tenants with minimal performance/time issues

Resources