Set up an Azure integration in five minutes
Integrate Mondoo and Azure with just a single command. No more worrying about setting up apps, configuring service principals, or generating certificates; just tell Mondoo what you'd like to scan in your Azure subscription and paste the command in CloudShell. Then kick back, relax, and let Mondoo do the heavy lifting.
Enjoy the same ease when you scan Azure with the Mondoo client! There's no need for complex Azure credential configuration. Now cnquery and cnspec can install and run directly in Azure Cloud Shell.
Superpowered risk factors
This month we made risk factors customizable, more comprehensive, and more visible.
Customize risk factors
Tailor Mondoo's security model to match the needs of your business with risk factor customizations. Choose which risk factors matter to you and tune how much impact each risk factor has on the prioritization of findings. That way, the unique needs of your infrastructure determine which systems require urgent attention.
New risk factors
Focus on the most important systems first, with new risk factors for critical databases, file sharing, FTP servers, and directory services. These new risk factors surface your most critical systems first, so you can focus your energy on the highest risks to your business:
- Cassandra
- Elasticsearch
- MariaDB
- MongoDB
- OpenLDAP
- OpenSearch
- Samba
- vsftp server
- Pure-FTPd server
- ProFTPD FTP server
Understand an asset's risks at a glance
Mondoo now shows risk factors on asset checks tables so you can understand risks that elevate security concerns.
Expanded Windows support
Our first-class Windows security and compliance just got even better.
Windows 2025 Server support
It's been over three years since the last major Windows Server release, and Microsoft has been busy putting plenty of new security features in Windows 2025. If you're testing the waters on this new version, released this week, Mondoo has your back! We have full support for securing Windows Server 2025, including the new Arm processor variants.
If you're interested in learning more about everything new in this Windows release, check out our Overview of Changes and New Security Features in Windows Server 2025 blog post.
Package data in Windows snapshot scans
You can now expose package vulnerabilities on Windows cloud hosts without deploying agents. Windows cloud snapshot scans now include package discovery.
Detect EOL dates for Windows LTSC and LTSB releases
Mondoo EOL detection support for Windows now includes the Microsoft Long Term Servicing Channel (LTSC) and Long Term Servicing Branch (LTSB) releases. No matter what release of Windows you use, Mondoo detects upcoming EOL dates.
Find and fix the security risks that pose the biggest threat to your business.
Long descriptions for organizations and spaces
Communicate the intended purpose of organizations and spaces to your coworkers, or maybe just your future self, with long descriptions for organizations and spaces. Set a description in the new organization and space creation pages or edit them after the fact in the settings pages.
Notes for cases
Cases (Mondoo's ticket system integration feature) are an important way to communicate with the team fixing security issues. Now you can provide the context that downstream teams need to remediate problems quickly: When you create a case, you can write a note, which automatically syncs to your ticketing or project management system.
View configuration details of your asset inventory
Understand the configuration of systems throughout your spaces with query packs. Query pack pages now expose results returned for each asset. Use Mondoo's two dozen out-of-the-box query packs to expose important configuration data such as running processes or available memory. If those query packs don't include quite what you need, write your own query packs to expose business-specific asset configuration data throughout your spaces.
See priority findings on the spaces page
Quickly understand the spaces that need your attention the most with a count of priority findings shown on the spaces page. The number of priority findings is the total of all critical and high findings on the space. Mondoo highlights them to help you to better prioritize your effort.
Secure NGINX assets
Keep critical web servers, proxy servers, and load balancers secure with new CIS NGINX benchmarks. These six policies include 91 checks in total designed to ensure that NGINX is not only installed securely but also configured to protect sensitive data from prying eyes.
CloudLinux support
Query and secure CloudLinux assets with new support in Mondoo for the hosted-optimized Linux distribution.
Faster load times in compliance
Track your compliance quicker than ever, with up to 10x faster load times in the Compliance Frameworks page.
Badges for newly enabled policies
Too many cooks in the kitchen? Understand when you or your coworkers enable new policies in a space with a "New" badge on any policy enabled in the last 7 days.
Policy updates
We updated four CIS benchmark policies in November.
CIS AWS Foundations benchmark 4.0
Stay on top of the latest threats against your AWS infrastructure with the updated CIS AWS Foundations benchmark 4.0. This new release includes 14 new and updated recommendations for the most commonly used Amazon services.
CIS Debian 12 v1.1.0 benchmark policy
Secure Debian 12 systems with the latest recommendations from the Center for Internet Security. This newly updated policy includes 365 updates including all new checks, updated descriptions, and improved remediation steps.
CIS macOS 12 v3.1.0 benchmark policy
Secure legacy macOS 12 systems with the newly updated macOS 12 (Monterey) benchmark, including updated checks, recommendations, and remediation steps.
Updated CIS Debian 11 benchmark policy 2.0.0
With 665 updates including new and improved checks, descriptions, and remediation steps, this updated policy keeps your Debian 11 systems secure against the latest threats.
New and improved MQL resources
Of course, we added and improved MQL resources this month to give you access to even more infrastructure data.
files.find
New depth
field
fstab
New resource
gitlab.project
New emptyRepo
field
New groupRunnersEnabled
field
New jobsEnabled
field
New sharedRunnersEnabled
field
gitlab.project.approvalsetting
New selectiveCodeOwnerRemovals
field
gitlab.project.member
New state
field
New username
field
microsoft.conditionalAccess
The namedLocations
field now returns the new microsoft.conditionalAccess.namedLocations
resource
microsoft.user
New mfaEnabled
field
vsphere.datacenters
New distributedPortgroups
field
New distributedSwitches
field
vsphere.vswitch.dv
New moid
field