Semperis Extends Purple Knight AD Security Tool to US Government Clouds

Purple Knight Security Tool Adds Support for Microsoft GCC High Environments

April 21, 2026
Executive Summary

Semperis, an identity security and resilience company, has expanded the capabilities of its widely used free security assessment tool, Purple Knight. As of April 21, 2026, the tool now provides full support for Microsoft Government Community Cloud High (GCC High) environments. This is a significant development for U.S. federal agencies, Department of Defense (DoD) organizations, and Defense Industrial Base (DIB) contractors who operate within this stringent, high-compliance cloud. These organizations can now use Purple Knight to scan their Entra ID (formerly Azure AD) tenants for security gaps and misconfigurations, complementing the tool's existing capabilities for scanning on-premises Active Directory (AD).


Security Operations Details

Purple Knight is a free community tool designed to help organizations identify vulnerabilities in their hybrid identity infrastructure. It runs a comprehensive set of tests against both on-premises AD and Entra ID, checking for security indicators of exposure and compromise. The tool is recommended by the Five Eyes intelligence alliance (including the NSA and CISA) as part of its guidance on hardening AD environments.

The challenge for organizations in GCC High was that while they could use Purple Knight for their on-premises AD, they had no way to perform the same assessment on their cloud-based Entra ID tenant due to the specialized nature and APIs of the GCC High environment. This created a significant visibility gap.

This update closes that gap, allowing security teams to:

  • Gain a unified view of their identity security posture across their entire hybrid environment.
  • Assess their Entra ID configuration against best practices and identify misconfigurations.
  • Benchmark their posture against government guidance and Zero Trust principles.
  • Generate reports that highlight critical vulnerabilities and provide remediation guidance.

Impact Assessment

The extension of Purple Knight to GCC High provides immense value to the U.S. public sector and defense industry. Identity infrastructure (AD and Entra ID) is a primary target for sophisticated threat actors seeking to compromise government networks. By providing a free, easy-to-use tool to identify weaknesses, Semperis is helping these critical organizations harden their defenses.

Security teams within these agencies can now proactively identify and remediate issues such as:

  • Overly permissive roles and accounts.
  • Weak password policies.
  • Risky Entra ID conditional access policies.
  • Stale or orphaned accounts and service principals.

This proactive approach is far more effective than waiting for a breach to occur. For organizations that require continuous monitoring beyond Purple Knight's point-in-time assessment, Semperis also offers its commercial Directory Services Protector (DSP) platform.

Detection & Response Improvements

Using Purple Knight enhances an organization's detection and response capabilities by shifting security left. It's a proactive hunting and hardening tool.

  • Improved Detection: By regularly running Purple Knight scans, security teams can detect misconfigurations and security drift before they can be exploited by an attacker. The tool effectively automates the process of looking for common attack paths and weaknesses that threat actors use.
  • Faster Response: The reports generated by Purple Knight provide clear, prioritized, and actionable remediation guidance. This allows security teams to focus their efforts on the most critical issues first, reducing the time to remediation.
  • Lessons Learned: After a security incident, Purple Knight can be used to perform a post-mortem assessment to identify the specific AD or Entra ID weaknesses that were exploited, helping to prevent similar incidents in the future.

Mitigation Recommendations

Purple Knight itself is a mitigation tool. The primary recommendation is for all organizations, especially those in GCC High, to download and run the tool.

  1. Regular Scanning: Incorporate Purple Knight scans into a regular security assessment cadence (e.g., monthly or quarterly).
  2. Prioritize Remediation: Use the tool's prioritized results to systematically address the identified vulnerabilities, starting with the most critical.
  3. Integrate with SIEM: While Purple Knight is a point-in-time tool, the vulnerabilities it finds can be used to create targeted detection rules in a SIEM. For example, if Purple Knight identifies accounts vulnerable to Kerberoasting, you can create a detection rule to alert on the specific event IDs associated with that attack.
  4. Continuous Monitoring: For organizations with higher maturity, consider commercial tools like Semperis DSP that provide continuous monitoring and automated response for the types of issues Purple Knight identifies.
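Step 3 above turns a scan finding into a SIEM rule. The script below is an added example (not Semperis, Purple Knight or SIEM vendor code) of the rule most teams write for the Kerberoasting finding: alert on Windows Security event 4769 (a service-ticket request) when the ticket uses RC4 (TicketEncryptionType 0x17) for a user-held SPN, either because the service account is on the scan's list of roastable accounts or because one client requests RC4 tickets for several services in a short window. The key=value log format, the `WATCHLIST`, and every sample event are constructed for the example; the field names mirror the 4769 event's data fields.

```python
"""Kerberoasting detection over Windows Security event 4769 records.

Added example, not Semperis or Purple Knight code. It encodes the SIEM rule
usually built for this finding: a service-ticket request (event 4769) with
RC4 encryption (TicketEncryptionType 0x17) for a user account that holds an
SPN, where either the account was already flagged by an assessment scan or one
client requests RC4 tickets for several services in a short window.
The log format and all sample events are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Constructed stand-in for the SPN-bearing accounts an assessment scan flagged
# as roastable; in practice this list comes from the scan report.
WATCHLIST: FrozenSet[str] = frozenset({"svc_legacy", "svc_sql"})

# Constructed event records: ISO timestamp followed by key=value fields that
# mirror the 4769 event's data names (0x17 = RC4, 0x12 = AES256, Status 0x0 = success).
SAMPLE_EVENTS = [
    "2026-04-21T10:00:01Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL IpAddress=10.0.0.5 ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:00:02Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL IpAddress=10.0.0.5 ServiceName=svc_web TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:00:04Z EventID=4769 TargetUserName=jdoe@CORP.LOCAL IpAddress=10.0.0.5 ServiceName=svc_backup TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:01:00Z EventID=4769 TargetUserName=asmith@CORP.LOCAL IpAddress=10.0.0.9 ServiceName=svc_sql TicketEncryptionType=0x12 Status=0x0",
    "2026-04-21T10:01:30Z EventID=4769 TargetUserName=asmith@CORP.LOCAL IpAddress=10.0.0.9 ServiceName=WS01$ TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:02:00Z EventID=4769 TargetUserName=bjones@CORP.LOCAL IpAddress=10.0.0.7 ServiceName=svc_legacy TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:02:10Z EventID=4769 TargetUserName=cwhite@CORP.LOCAL IpAddress=10.0.0.8 ServiceName=svc_print TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:02:20Z EventID=4769 TargetUserName=cwhite@CORP.LOCAL IpAddress=10.0.0.8 ServiceName=krbtgt TicketEncryptionType=0x17 Status=0x0",
    "2026-04-21T10:03:00Z EventID=4768 TargetUserName=cwhite@CORP.LOCAL IpAddress=10.0.0.8 ServiceName=krbtgt TicketEncryptionType=0x12 Status=0x0",
]


def parse_event(line: str) -> Optional[dict]:
    """Parse one constructed record; return None for anything other than event 4769."""
    parts = line.split()
    fields = dict(kv.split("=", 1) for kv in parts[1:] if "=" in kv)
    if fields.get("EventID") != "4769":
        return None
    return {
        "timestamp": datetime.fromisoformat(parts[0].replace("Z", "+00:00")),
        "account": fields["TargetUserName"].split("@")[0].lower(),
        "client_ip": fields["IpAddress"],
        "service": fields["ServiceName"],
        "etype": int(fields["TicketEncryptionType"], 16),
        "status": int(fields["Status"], 16),
    }


def is_rc4_service_ticket(ev: dict) -> bool:
    """Per-event filter: successful RC4 service ticket for a non-computer, non-krbtgt service."""
    svc = ev["service"]
    return (ev["etype"] == 0x17 and ev["status"] == 0
            and not svc.endswith("$") and svc.lower() != "krbtgt")


def detect_kerberoasting(lines: Iterable[str], watchlist: FrozenSet[str] = WATCHLIST,
                         threshold: int = 3, window: timedelta = timedelta(minutes=5)
                         ) -> Dict[Tuple[str, str], List[str]]:
    """Return {(account, client_ip): sorted service names} for each requester that
    either asked for an RC4 ticket to a watchlisted account or asked for RC4
    tickets to `threshold` or more distinct services inside `window`."""
    by_client: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and is_rc4_service_ticket(ev):
            by_client[(ev["account"], ev["client_ip"])].append(ev)
    lowered = {w.lower() for w in watchlist}
    alerts: Dict[Tuple[str, str], List[str]] = {}
    for key, events in by_client.items():
        events.sort(key=lambda e: e["timestamp"])
        # Rule 1: any RC4 request for an account the scan already flagged.
        flagged = {e["service"] for e in events if e["service"].lower() in lowered}
        # Rule 2: sliding window over sorted events, counting distinct services per span.
        for i, first in enumerate(events):
            span = {e["service"] for e in events[i:]
                    if e["timestamp"] - first["timestamp"] <= window}
            if len(span) >= threshold:
                flagged |= span
                break
        if flagged:
            alerts[key] = sorted(flagged)
    return alerts


if __name__ == "__main__":
    for (account, ip), services in detect_kerberoasting(SAMPLE_EVENTS).items():
        print(f"ALERT {account} from {ip}: RC4 service tickets for {', '.join(services)}")
```

On the sample data the rule fires twice: `jdoe` trips the volume rule (three distinct services within seconds) and `bjones` trips the watchlist rule with a single request for `svc_legacy`. The AES request, the computer-account ticket (`WS01$`) and the `krbtgt` ticket are all filtered out, which is what keeps this rule quiet on normal domain traffic; the watchlist is the piece that ties the rule back to the scan finding, so refresh it after each assessment.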

Timeline of Events

  1. April 21, 2026: Semperis announces that Purple Knight now supports Microsoft GCC High environments.
  2. April 21, 2026: This article was published.

MITRE ATT&CK Mitigations

  • Purple Knight helps organizations implement this mitigation by identifying and providing guidance on fixing misconfigurations in AD and Entra ID.
  • The tool identifies overly privileged accounts and other issues that this mitigation aims to address.
  • Purple Knight scans for weak password policies and accounts with non-expiring passwords.

D3FEND Defensive Countermeasures

The release of Purple Knight for GCC High directly enables and automates a critical aspect of Domain Account Monitoring for federal and defense organizations. Security teams should immediately integrate this tool into their quarterly or monthly security review cycle. By running Purple Knight against their on-premises Active Directory and now their Entra ID tenant in GCC High, they can proactively hunt for dangerous misconfigurations before an attacker does. The tool automates the detection of issues like dormant accounts, service principals with excessive privileges, weak password policies, and accounts vulnerable to Kerberoasting. The tactical recommendation is to schedule these scans, ingest the results into a ticketing or risk management system, assign owners for remediation, and track progress. This creates a continuous cycle of proactive hardening for the organization's most critical asset: its identity infrastructure.

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
