Getting Started with ConfigCobra

Follow these simple steps to set up ConfigCobra and run your first CIS compliance assessment for Microsoft 365.

Important License Requirements

CIS Benchmarks are based on Microsoft 365 E3 and E5 licenses. Although we can scan some controls without them, having some kind of Microsoft Defender license (Defender for Office 365, Defender for Endpoint, or Microsoft Defender XDR) is a minimum requirement for full functionality.

Get started on Microsoft AppSource

Visit the Microsoft AppSource marketplace to acquire your ConfigCobra subscription. Choose the Standard plan for a free trial.

To get started, please go to Microsoft AppSource and press "Get it now". To acquire a free trial, please select the

Standard

plan.

Provide your user count

Enter the number of licensed users in your organization. This is crucial for proper application functionality.

Give us your user count. This is important because the application only works if you have that many licenses as many licensed users you have (excluded guest users).

Complete your order

Select your billing account and billing profile, then place your order through Microsoft AppSource.

Select your billing account and billing profile, then place your order through the Microsoft AppSource checkout process.

Activate your subscription

Follow the activation link sent to you after purchase to complete the setup on our fulfillment platform.

Please follow the activation link to our fulfillment platform and activate your subscription. This link will be provided after you complete your purchase on Microsoft AppSource.

Receive confirmation email

Wait for our team to activate your subscription and send you a confirmation email with next steps.

Once your subscription is activated by our team, you will receive a confirmation email with your login credentials and next steps.

Log in to ConfigCobra

Access the ConfigCobra application using the credentials provided in your confirmation email.

Head to app.configcobra.com and please log in using the credentials from your confirmation email.

Accept permissions

Grant all required permissions on the admin consent page to enable ConfigCobra to assess your environment.

Accept all the permissions on the admin consent page. This is required for ConfigCobra to access and assess your Microsoft 365 configurations.

Configure missing permissions

Activate permissions for controls that require additional access. This can be done by administrators or forwarded to your IT team.

After login, go to the Assessment page. You will see some controls that have a

Missing Permissions

blue tag.

Please click one of them. A modal window will appear where you can manage the required roles. You can:

Press "ASSIGN" to automatically assign the required roles and permissions
Press "DO IT MANUALLY" if you prefer to configure the permissions manually through Azure portal
If you are a regular user: Send the instructions provided to your global administrator to grant the necessary permissions

You're ready to do your first assessment!

Once you've completed all the steps above, you can navigate to the Assessment page and start running your first CIS compliance scan. ConfigCobra will automatically check your Microsoft 365 configurations against CIS Benchmark standards.

Back to Documentation Next: Assessments