ShieldChecker is built entirely on native Azure services and deployed completely within your own Azure tenant. We strongly recommend running the solution in a dedicated test tenant to ensure your production environment remains unaffected.
ShieldChecker is a comprehensive community solution that allows testing established detections with Microsoft Defender XDR end-to-end. Unlike traditional approaches that simply replay logs, ShieldChecker actually executes tests and verifies that expected detections are triggered, providing real-world validation of your security controls.
Actually executes security tests rather than simply replaying logs.
Deployed in your own Azure tenant. Recommended for non-production environments to avoid interference with machine learning algorithms.
Low Azure costs thanks to pay-as-you-go pricing model. Only pay for what you use during testing cycles.
Completely automated solution with built-in scheduler for regular testing cycles without manual intervention.
Quick deployment with the ability to import Atomic Red Team tests, allowing you to start testing immediately.
Streamlined error handling and missed detection review with dedicated RDP sessions and configured access to worker VMs.
Supports tests against domain controllers or running tests directly on them when required for comprehensive testing.
Supports testing on both Windows and Linux environments for comprehensive coverage.
Code is made available under the GPL-3.0 license.
Complete Azure architecture showing all native Azure services used by ShieldChecker
Deploy in a separate Azure tenant to prevent interference with production Machine Learning models and their security baselines.
One Microsoft 365 E5 subscription provides all necessary Defender XDR features for comprehensive testing coverage.
Built exclusively with native Azure services - no external dependencies or third-party components required.
Complete isolation from production environments ensures no impact on existing security analytics and ML models.
ShieldChecker is completely free to use as an open-source solution. However, since it's deployed entirely to Azure, pay-as-you-go Azure costs apply based on your usage.
~$200 USD: Expected monthly Azure costs for the core solution infrastructure. Actual costs may vary depending on your chosen Azure datacenter region.
~$0.20 USD: Cost for temporary worker VMs created during test execution when review mode is disabled. Workers are automatically cleaned up after completion.
~$1.00 USD: Cost for failed executions when review mode is enabled, assuming review is completed within one day. Extended review periods will increase costs proportionally.
Pay-as-you-go: Thanks to Azure's pay-as-you-go model, you only pay for resources when actively testing. No upfront costs or long-term commitments are required, but they can be used to save costs.
Note: All cost estimates are approximate and based on standard Azure pricing. Actual costs may vary based on your specific Azure region, usage patterns, and current Azure pricing. We recommend monitoring your Azure costs through the Azure Cost Management portal.
Example of Azure Cost Management dashboard showing actual ShieldChecker deployment costs from a real environment.
At this point, ShieldChecker is provided "as is" without support. This is a community-driven open source project designed to help security professionals validate their Microsoft Defender XDR configurations.
Future plans may include paid support options for organizations requiring dedicated assistance and service level agreements.
If you find ShieldChecker helpful and would like to show your appreciation, consider supporting the project by buying the developer a coffee:
Buy me a coffee