KeenLens AI  /  Products  /  MailGuard self-host

MailGuard · Self-hosted

Run MailGuard inside your own environment.

Deploy the full attack-path intelligence and posture-management platform on your own infrastructure. Your email security data stays in your environment — MailGuard connects read-only, with no agents and no mail-flow changes. Docker-based, up and running in minutes.

Request access → View on GitHub

Two ways to run it

Hosted, or in your own environment.

Same platform either way. Choose hosted if you want zero infrastructure to manage, or self-host if you'd rather keep everything inside your own tenant.

SaaS · We host it

MailGuard Cloud

We run it on Azure. Nothing to deploy, nothing to maintain — connect your tenant and start in minutes.

  • No infrastructure to stand up or patch
  • Always on the latest version automatically
  • Managed lookalike-domain intelligence included
Book a demo →

Self-hosted · You host it

MailGuard Pro

Run the whole platform on your own server. Your configuration and findings never leave your environment.

  • Stays entirely within your own infrastructure
  • Single Docker Compose stack — app, worker, database
  • Multi-tenant mode for MSPs out of the box
Request access →
Read-only access No agents installed No mail-flow changes MailGuard reads your configuration. It never modifies your tenant.

Self-host quickstart

From zero to a running instance.

You'll need Docker and a MailGuard Pro license key plus the registry token issued with it (the image is private). The short version is below — the full beginner-grade guides live on GitHub.

🐧 Linux

Needs: Ubuntu 22.04+ / Debian 12+, ~2 CPU / 4 GB RAM / 20 GB disk, plus git & Docker (one command installs both).

1

Install tools & download MailGuard

# installs git + Docker, then clones the repo curl -fsSL https://get.docker.com | sudo sh git clone https://github.com/snifsnsort/mailguard-pro.git cd mailguard-pro
2

Configure (asks for license key + admin password)

bash setup.sh
3

Sign in to the registry & start

echo 'YOUR_TOKEN' | docker login ghcr.io -u snifsnsort --password-stdin docker compose pull docker compose up -d
🪟 Windows

Needs: Windows 10/11 (64-bit), ~4 GB RAM / 20 GB disk, and Docker Desktop. Nothing else to install — PowerShell is built in.

1

Install Docker Desktop & download MailGuard

Install Docker Desktop, then download the repo ZIP from GitHub and extract it.

2

Configure (asks for license key + admin password)

powershell -ExecutionPolicy Bypass -File .\setup.ps1
3

Sign in to the registry & start

echo YOUR_TOKEN | docker login ghcr.io -u snifsnsort --password-stdin docker compose pull docker compose up -d

Then open http://localhost:8000 and sign in with the admin password you chose. The first start takes 30–60 seconds while it sets up the database and verifies your license.

→ Full Linux guide → Full Windows guide → Repository & README

Connecting Microsoft 365 — about PowerShell

Running MailGuard itself needs only Docker. To connect a Microsoft 365 tenant, the in-app wizard hands you a setup script that signs in with a device code (no Azure subscription required). On Windows there's nothing to install — right-click → Run with PowerShell. On macOS or Linux, either run it in Azure Cloud Shell (nothing to install) or verify PowerShell 7 is present and run pwsh ./MailGuard-OAuth-Setup.ps1 — install it first if needed (brew install --cask powershell on Mac). The script installs the modules it needs and only ever reads your tenant.

Ready to deploy in your environment?

Request access and we'll send your license key, registry token, and a hand if you want one.

Request access → Or book a demo