Name
Beyond Baselines: Building Custom Identity Security Tests with Maester and PowerShell
Speakers
Merill Fernando | Microsoft, Principal Product Manager
Sam Erde | Patriot Consulting, SecureShield Architect
Description
Baselines tell you where to start. But your organization's security requirements don't end where a generic checklist does. Your business has unique Conditional Access needs, specific delegation models, custom role definitions, and regulatory obligations that no pre-built assessment can fully address. In this session, Merill and Sam go deep on Maester's test authoring capabilities, showing how PowerShell and Pester give you the flexibility to test anything you can query—across Entra ID via Microsoft Graph, on-premises AD via LDAP and PowerShell remoting, and any other service with an API or command-line interface. We'll build tests live on stage, starting from real-world security policies and turning them into automated validations. You'll see how Maester's architecture makes it straightforward to extend coverage to your entire hybrid estate, not just the parts a vendor anticipated.
Learning Objectives:
- Understand Maester's test architecture and how Pester, Microsoft Graph, and PowerShell combine to create a flexible, extensible security testing framework.
- Write custom tests from scratch based on real-world security policies, covering Conditional Access, privileged access, authentication configuration, and tenant settings.
- Extend Maester to on-premises Active Directory using PowerShell—testing Group Policy, delegation, trusts, service accounts, and other AD-specific configurations.
- Connect Maester to any service with a PowerShell module, REST API, or command-line interface to build unified test suites that span your entire hybrid environment.
- Structure and organize a growing test library so it remains maintainable, readable, and useful as living documentation of your security intent.