Skip to main content
Five Steps for Cloud Compliance Readiness·A practical playbook for security teamsDownload

Getting Started with ConfigCobra

Follow these simple steps to set up ConfigCobra and run your first CIS compliance assessment for Microsoft 365.

Getting Started8 steps
Get started on Microsoft AppSource ↗
i

Important License Requirements

CIS Benchmarks are based on Microsoft 365 E3 and E5 licenses. Although we can scan some controls without them, having some kind of Microsoft Defender license (Defender for Office 365, Defender for Endpoint, or Microsoft Defender XDR) is a minimum requirement for full functionality.

  1. Get started on Microsoft AppSource

    Visit the Microsoft AppSource marketplace to acquire your ConfigCobra subscription. Choose the Standard plan for a free trial.

    Go to Microsoft AppSource ↗ and press "Get it now". To acquire a free trial, please select the Standard plan.

    Microsoft AppSource - Get it now
  2. Provide your user count

    Enter the number of licensed users in your organization. This is crucial for proper application functionality. Not sure how to check? See the guide →

    Give us your user count. This is important because the application only works if you have that many licenses as many licensed users you have (excluded guest users).

    Provide user count
  3. Complete your order

    Select your billing account and billing profile, then place your order through Microsoft AppSource.

    Select your billing account and billing profile, then place your order through the Microsoft AppSource checkout process.

    Complete purchase
  4. Activate your subscription

    Follow the activation link sent to you after purchase to complete the setup on our fulfillment platform.

    Please follow the activation link to our fulfillment platform and activate your subscription. This link will be provided after you complete your purchase on Microsoft AppSource.

    Activate subscription
  5. Receive confirmation email

    Wait for our team to activate your subscription and send you a confirmation email with next steps.

    Once your subscription is activated by our team, you will receive a confirmation email with your login credentials and next steps.

    Activation email
  6. Log in to ConfigCobra

    Access the ConfigCobra application using the credentials provided in your confirmation email.

    Head to app.configcobra.com ↗ and log in using the credentials from your confirmation email.

  7. Accept permissions

    Grant all required permissions on the admin consent page to enable ConfigCobra to assess your environment.

    Accept all the permissions on the admin consent page. This is required for ConfigCobra to access and assess your Microsoft 365 configurations.

    Admin consent
  8. Configure missing permissions

    Activate permissions for controls that require additional access. This can be done by administrators or forwarded to your IT team.

    After login, go to the Assessment page. You will see some controls that have a Missing Permissions blue tag. Click one of them — a modal window will appear where you can manage the required roles. You can:

    • Press "ASSIGN" to automatically assign the required roles and permissions
    • Press "DO IT MANUALLY" if you prefer to configure the permissions manually through Azure portal
    • If you are a regular user: send the instructions provided to your global administrator to grant the necessary permissions
    Role permissions assignment

You're ready to do your first assessment!

Once you've completed all the steps above, you can navigate to the Assessment page and start running your first CIS compliance scan. ConfigCobra will automatically check your Microsoft 365 configurations against CIS Benchmark standards.

Free trial