Frequently Asked Questions
Answers to the most common questions about ConfigCobra, automated CIS assessments, security, pricing, and licensing.
General
What is ConfigCobra?
ConfigCobra is a cloud security posture tool that performs automated CIS-based assessments across Microsoft 365. It helps teams detect misconfigurations, follow security baselines, and stay audit-ready.
Who is ConfigCobra designed for?
IT, security, and compliance teams that manage Microsoft 365 environments. It is ideal for both SMBs and enterprises that follow CIS Benchmarks or need continuous compliance visibility.
CIS Benchmarks & Assessments
What CIS Benchmarks do you support?
ConfigCobra supports the CIS Microsoft 365 Foundations Benchmark v5.0.0 — 129 controls across 9 sections, covering the Microsoft 365 admin center, Microsoft Entra (Identity), Microsoft Defender, Microsoft Purview, Microsoft Intune, Exchange Online, SharePoint Online & OneDrive, Microsoft Teams, and Microsoft Fabric (Power BI).
Do you support Level 1 and Level 2 profiles?
Yes. You can run Level 1 (safe, minimal impact) and Level 2 (stricter, security-focused) profiles. Each rule shows its severity and recommended enforcement action.
How does ConfigCobra access our environment?
The platform connects using read-only Microsoft Graph permissions through Microsoft 365 app registration. No password sharing, no agents, and no invasive permissions are required.
How long does an assessment take?
Assessments typically complete in 20–25 minutes. ConfigCobra walks all selected controls via read-only Microsoft Graph calls — no agents, no scripts.
Security & Data Privacy
Do you store customer data?
We store only metadata required for compliance reporting. No email content, files, or personal mailbox data is stored. All communication is encrypted in transit and at rest.
Where is the service hosted?
ConfigCobra runs on Microsoft cloud infrastructure (EU region), following strict security standards and controlled access policies.
Pricing & Subscription
How does ConfigCobra pricing work?
ConfigCobra offers an Assessment License (one-time, per-tenant — for MSPs and auditors) and four user-tiered Continuous Compliance plans for End Users. Every plan includes the full 129-control CIS Benchmark and audit-ready PDF evidence. View all plans →
Is there a free trial?
Yes — a 14-day free trial is available with access to 15 of the 129 CIS controls. No credit card required.
Can I cancel anytime?
Yes. You can cancel your subscription at any time. Your assessment history and evidence reports remain accessible until the end of your billing period.
Features & Roadmap
What Microsoft 365 services are covered?
ConfigCobra covers every Microsoft 365 admin surface in scope for the CIS Microsoft 365 Foundations Benchmark v5.0.0: the Microsoft 365 admin center, Microsoft Entra (Identity), Microsoft Defender (Defender for Office 365), Microsoft Purview, Microsoft Intune, Exchange Online, SharePoint Online & OneDrive, Microsoft Teams, and Microsoft Fabric (Power BI).
Can I schedule automated scans?
Yes. The Scheduler allows you to set daily, weekly, or monthly scan cadences using any combination of controls or predefined rule sets. Learn more →
How am I notified of findings and drift?
ConfigCobra sends email notifications when a control regresses or a scheduled scan completes. You can configure per-user notification preferences from within the platform.
Do you support Google Workspace?
Google Workspace support is under consideration. Register for early access and get 60 days free when we launch — your interest directly shapes what we build. Learn more and register →
Do you support Azure?
CIS Azure Foundations Benchmark coverage is planned for Q3 2026 — the same automated scan-to-evidence workflow applied to your Azure cloud, unified with your Microsoft 365 posture in one workspace. Register for early access on the roadmap →
Is there an AI Security Audit?
An AI Security Audit is planned for Q3 2026. It runs automated configuration checks for Azure OpenAI Service, Microsoft Copilot, and other AI workloads against security baselines and access-control best practices. Register for early access on the roadmap →
Still have a question? Contact our team — we typically respond within 4 business hours.