v0.5.0 — Defender O365 + Defender Cloud depth + CI matrix
+9 checks across Defender for Office 365 and Defender for Cloud, plus a cross-platform CI matrix.
New Defender for O365 checks (+6, mock-mode)
- ZAP (Zero-hour Auto Purge) for phish disabled — P2 (loses post-delivery threat-removal)
- ZAP for spam disabled — P3
- Outbound spam recipient limit too permissive — P2 (compromised-account amplification)
- Outbound spam no admin notification — P2 (threshold breaches invisible)
- Transport rules count drift — P3 (review for stale rules)
- Attack Simulation Training campaigns count — P3 (user-awareness baseline)
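
An added illustration, not the project's own code: the two ZAP checks and the two outbound spam checks listed above, evaluated in PowerShell against constructed mock objects. The property names are the ones returned by the Exchange Online cmdlets Get-HostedContentFilterPolicy and Get-HostedOutboundSpamFilterPolicy; the function names, the sample policies, the 500-per-hour threshold, and the decision to flag a limit of 0 are assumptions.

```powershell
# Constructed mock data, shaped like the output of Get-HostedContentFilterPolicy
# and Get-HostedOutboundSpamFilterPolicy (Exchange Online PowerShell).
$contentPolicies = @(
    [pscustomobject]@{ Name = 'Default'; PhishZapEnabled = $true;  SpamZapEnabled = $false }
    [pscustomobject]@{ Name = 'Execs';   PhishZapEnabled = $false; SpamZapEnabled = $true }
)
$outboundPolicies = @(
    [pscustomobject]@{ Name = 'Default'; RecipientLimitExternalPerHour = 0
                       NotifyOutboundSpam = $false; NotifyOutboundSpamRecipients = @() }
    [pscustomobject]@{ Name = 'Finance'; RecipientLimitExternalPerHour = 400
                       NotifyOutboundSpam = $true
                       NotifyOutboundSpamRecipients = @('secops@example.test') }
)

# Hypothetical helper: one finding record per failed check.
function New-Finding {
    param([string]$Severity, [string]$Policy, [string]$Title)
    [pscustomobject]@{ Severity = $Severity; Policy = $Policy; Title = $Title }
}

# Hypothetical check function. Severities follow the list above; the threshold
# default is an assumed baseline, not a value taken from the project.
function Test-MailHygiene {
    param([object[]]$ContentPolicy, [object[]]$OutboundPolicy, [int]$MaxExternalPerHour = 500)

    foreach ($p in $ContentPolicy) {
        if (-not $p.PhishZapEnabled) { New-Finding 'P2' $p.Name 'ZAP for phish disabled' }
        if (-not $p.SpamZapEnabled)  { New-Finding 'P3' $p.Name 'ZAP for spam disabled' }
    }
    foreach ($p in $OutboundPolicy) {
        $limit = [int]$p.RecipientLimitExternalPerHour
        # 0 means "use the service default", so the tenant has set no explicit cap.
        # Treating that as too permissive is an assumption of this example.
        if ($limit -eq 0 -or $limit -gt $MaxExternalPerHour) {
            New-Finding 'P2' $p.Name "Outbound spam recipient limit too permissive ($limit/hour external)"
        }
        # Notification needs both the switch and at least one recipient.
        if (-not $p.NotifyOutboundSpam -or -not $p.NotifyOutboundSpamRecipients) {
            New-Finding 'P2' $p.Name 'Outbound spam no admin notification'
        }
    }
}

Test-MailHygiene -ContentPolicy $contentPolicies -OutboundPolicy $outboundPolicies |
    Sort-Object Severity, Policy | Format-Table -AutoSize
```

With the mock data above this yields four findings: three P2 (two on the Default outbound policy, one on Execs) and one P3 (Default content filter policy). The Finance policy passes both outbound checks.
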
New Defender for Cloud checks (+3)
- Recommendation severity breakdown with High-count gating
- Defender for AI plane status (informational, model tracking + prompt-injection threats)
- Continuous export to Sentinel configured
CI matrix
GitHub Actions now runs the Pester suite on:
- ubuntu-latest (PowerShell 7)
- windows-latest (PowerShell 7, and naturally PS 5.1 coverage)
- macos-latest (PowerShell 7)
Plus a consolidated static-checks job: JSON validation, PSScriptAnalyzer (Error severity), KQL header check, and a fixture-data sanity check (non-synthetic GUID detection).
End-to-end mock: 58 findings
Up from 49 in v0.4.0. Distribution: 2 P1, 12 P2, 25 P3, 19 INFO.
Next: v0.6 (documentation depth)
Per-domain walkthroughs, threat model, FAQ, Architecture Decision Records.