Frequently Asked Questions
Answers to the most common questions about ConfigCobra, automated CIS assessments, security, pricing, and licensing.
General
ConfigCobra is a cloud security posture tool that performs automated CIS-based assessments across Microsoft 365. It helps teams detect misconfigurations, follow security baselines, and stay audit-ready.
IT, security, and compliance teams that manage Microsoft 365 environments. It is ideal for both SMBs and enterprises that follow CIS Benchmarks or need continuous compliance visibility.
CIS Benchmarks & Assessments
ConfigCobra currently supports CIS Microsoft 365 Foundations Benchmark. Additional benchmarks are being added regularly based on customer feedback and industry needs.
Yes. You can run Level 1 (safe, minimal impact) and Level 2 (stricter, security-focused) profiles. Each rule shows its severity and recommended enforcement action.
The platform connects using read-only Microsoft Graph permissions through Microsoft 365 app registration. No password sharing, no agents, and no invasive permissions are required.
Security & Data Privacy
We store only metadata required for compliance reporting. No email content, files, or personal mailbox data is stored. All communication is encrypted in transit and at rest.
ConfigCobra runs on Microsoft cloud infrastructure (EU region), following strict security standards and controlled access policies.
Pricing & Subscription
ConfigCobra offers flexible pricing plans based on your organization's needs. You can start with a free trial from Microsoft AppSource and choose from Standard or Premium plans. Pricing is based on the number of licensed users in your Microsoft 365 tenant. Visit our pricing page or contact us for enterprise pricing options.
Yes! You can start with a free trial through Microsoft AppSource. The trial allows you to explore all ConfigCobra features, run assessments, and generate reports. No credit card is required to start your trial.
Features & Roadmap
Enforcement allows you to apply recommended configurations inside Microsoft 365 directly from ConfigCobra. It is currently in development and rolling out to early access partners.
Yes. Any scan can be exported as a branded PDF including summaries, rule evaluations, evidence, and remediation recommendations.