[{"data":1,"prerenderedAt":142},["ShallowReactive",2],{"article-slug-semperis-extends-purple-knight-security-tool-to-us-government-clouds":3,"articles-index":-1},{"id":4,"slug":5,"headline":6,"title":7,"summary":8,"full_report":9,"twitter_post":10,"meta_description":11,"category":12,"severity":16,"entities":17,"cves":41,"sources":42,"events":53,"mitre_techniques":57,"mitre_mitigations":70,"d3fend_countermeasures":116,"iocs":120,"cyber_observables":121,"tags":122,"extract_datetime":128,"article_type":129,"impact_scope":130,"pub_date":46,"reading_time_minutes":141,"createdAt":128,"updatedAt":128},"965e47a5-429c-4df3-a382-9fab62185f30","semperis-extends-purple-knight-security-tool-to-us-government-clouds","Semperis Extends Purple Knight AD Security Tool to US Government Clouds","Purple Knight Security Tool Adds Support for Microsoft GCC High Environments","Semperis has announced that its free identity security assessment tool, Purple Knight, now fully supports Microsoft's Government Community Cloud High (GCC High) environments. This update allows U.S. federal agencies and defense contractors to scan their Entra ID tenants within the specialized, high-compliance cloud for misconfigurations and vulnerabilities. Purple Knight, which is recommended by the Five Eyes intelligence alliance, can now provide these organizations with a unified view of their security posture across both on-premises Active Directory and cloud-based Entra ID.","## Executive Summary\n\n**[Semperis](https://www.semperis.com/)**, an identity security and resilience company, has expanded the capabilities of its widely used free security assessment tool, **Purple Knight**. As of April 21, 2026, the tool now provides full support for **[Microsoft](https://www.microsoft.com/)** Government Community Cloud High (GCC High) environments. This is a significant development for U.S. federal agencies, Department of Defense (DoD) organizations, and Defense Industrial Base (DIB) contractors who operate within this stringent, high-compliance cloud. These organizations can now use **Purple Knight** to scan their **[Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id)** (formerly Azure AD) tenants for security gaps and misconfigurations, complementing the tool's existing capabilities for scanning on-premises **Active Directory** (AD).\n\n---\n\n## Security Operations Details\n\n**Purple Knight** is a free community tool designed to help organizations identify vulnerabilities in their hybrid identity infrastructure. It runs a comprehensive set of tests against both on-premises AD and Entra ID, checking for security indicators of exposure and compromise. The tool is recommended by the Five Eyes intelligence alliance (including the **[NSA](https://www.nsa.gov)** and **[CISA](https://www.cisa.gov)**) as part of its guidance on hardening AD environments.\n\nThe challenge for organizations in **GCC High** was that while they could use **Purple Knight** for their on-premises AD, they had no way to perform the same assessment on their cloud-based Entra ID tenant due to the specialized nature and APIs of the GCC High environment. This created a significant visibility gap.\n\nThis update closes that gap, allowing security teams to:\n-   Gain a unified view of their identity security posture across their entire hybrid environment.\n-   Assess their Entra ID configuration against best practices and identify misconfigurations.\n-   Benchmark their posture against government guidance and Zero Trust principles.\n-   Generate reports that highlight critical vulnerabilities and provide remediation guidance.\n\n## Impact Assessment\n\nThe extension of **Purple Knight** to GCC High provides immense value to the U.S. public sector and defense industry. Identity infrastructure (AD and Entra ID) is a primary target for sophisticated threat actors seeking to compromise government networks. By providing a free, easy-to-use tool to identify weaknesses, Semperis is helping these critical organizations harden their defenses.\n\nSecurity teams within these agencies can now proactively identify and remediate issues such as:\n-   Overly permissive roles and accounts.\n-   Weak password policies.\n-   Risky Entra ID conditional access policies.\n-   Stale or orphaned accounts and service principals.\n\nThis proactive approach is far more effective than waiting for a breach to occur. For organizations that require continuous monitoring beyond Purple Knight's point-in-time assessment, Semperis also offers its commercial Directory Services Protector (DSP) platform.\n\n## Detection & Response Improvements\n\nUsing **Purple Knight** enhances an organization's detection and response capabilities by shifting security left. It's a proactive hunting and hardening tool.\n\n-   **Improved Detection:** By regularly running Purple Knight scans, security teams can detect misconfigurations and security drift before they can be exploited by an attacker. The tool effectively automates the process of looking for common attack paths and weaknesses that threat actors use.\n-   **Faster Response:** The reports generated by Purple Knight provide clear, prioritized, and actionable remediation guidance. This allows security teams to focus their efforts on the most critical issues first, reducing the time to remediation.\n-   **Lessons Learned:** After a security incident, Purple Knight can be used to perform a post-mortem assessment to identify the specific AD or Entra ID weaknesses that were exploited, helping to prevent similar incidents in the future.\n\n## Mitigation Recommendations\n\n**Purple Knight** itself is a mitigation tool. The primary recommendation is for all organizations, especially those in GCC High, to download and run the tool.\n\n1.  **Regular Scanning:** Incorporate Purple Knight scans into a regular security assessment cadence (e.g., monthly or quarterly).\n2.  **Prioritize Remediation:** Use the tool's prioritized results to systematically address the identified vulnerabilities, starting with the most critical.\n3.  **Integrate with SIEM:** While Purple Knight is a point-in-time tool, the vulnerabilities it finds can be used to create targeted detection rules in a SIEM. For example, if Purple Knight identifies accounts vulnerable to Kerberoasting, you can create a detection rule to alert on the specific event IDs associated with that attack.\n4.  **Continuous Monitoring:** For organizations with higher maturity, consider commercial tools like Semperis DSP that provide continuous monitoring and automated response for the types of issues Purple Knight identifies.","✅ Semperis' Purple Knight tool now supports Microsoft GCC High environments! U.S. federal agencies & defense contractors can now use the free tool to assess their Entra ID security posture in the high-compliance cloud. 🛡️ #ActiveDirectory #EntraID #GCCHigh #InfoSec","Semperis announced that its free Active Directory and Entra ID security assessment tool, Purple Knight, now fully supports Microsoft's Government Community Cloud High (GCC High) environments.",[13,14,15],"Security Operations","Policy and Compliance","Cloud Security","informational",[18,22,25,28,30,32,34,38],{"name":19,"type":20,"url":21},"Semperis","vendor","https://www.semperis.com/",{"name":23,"type":24},"Purple Knight","product",{"name":26,"type":20,"url":27},"Microsoft","https://www.microsoft.com/",{"name":29,"type":24},"Microsoft Government Community Cloud High (GCC High)",{"name":31,"type":24},"Microsoft Entra ID",{"name":33,"type":24},"Microsoft Active Directory",{"name":35,"type":36,"url":37},"CISA","government_agency","https://www.cisa.gov",{"name":39,"type":36,"url":40},"NSA","https://www.nsa.gov",[],[43,49],{"url":44,"title":45,"date":46,"friendly_name":47,"website":48},"https://www.prnewswire.com/news-releases/purple-knight-now-delivers-comprehensive-identity-security-assessments-for-microsoft-gcc-high-environments-302122173.html","Purple Knight Now Delivers Comprehensive Identity Security Assessments for Microsoft GCC High Environments","2026-04-21","PR Newswire","prnewswire.com",{"url":50,"title":51,"date":46,"friendly_name":19,"website":52},"https://www.semperis.com/resources/webinars/emergency-communications-org-closes-ad-security-gaps-with-purple-knight/","Emergency Communications Org Closes AD Security Gaps with Purple Knight","semperis.com",[54],{"datetime":55,"summary":56},"2026-04-21T00:00:00Z","Semperis announces that Purple Knight now supports Microsoft GCC High environments.",[58,62,66],{"id":59,"name":60,"tactic":61},"T1098","Account Manipulation","Persistence",{"id":63,"name":64,"tactic":65},"T1078","Valid Accounts","Initial Access",{"id":67,"name":68,"tactic":69},"T1207","Kerberoasting","Credential Access",[71,89,106],{"id":72,"name":73,"d3fend_techniques":74,"description":87,"domain":88},"M1015","Active Directory Configuration",[75,79,83],{"id":76,"name":77,"url":78},"D3-ANCI","Authentication Cache Invalidation","https://d3fend.mitre.org/technique/d3f:AuthenticationCacheInvalidation",{"id":80,"name":81,"url":82},"D3-DTP","Domain Trust Policy","https://d3fend.mitre.org/technique/d3f:DomainTrustPolicy",{"id":84,"name":85,"url":86},"D3-UAP","User Account Permissions","https://d3fend.mitre.org/technique/d3f:UserAccountPermissions","Purple Knight helps organizations implement this mitigation by identifying and providing guidance on fixing misconfigurations in AD and Entra ID.","enterprise",{"id":90,"name":91,"d3fend_techniques":92,"description":105,"domain":88},"M1026","Privileged Account Management",[93,97,101],{"id":94,"name":95,"url":96},"D3-DAM","Domain Account Monitoring","https://d3fend.mitre.org/technique/d3f:DomainAccountMonitoring",{"id":98,"name":99,"url":100},"D3-LAM","Local Account Monitoring","https://d3fend.mitre.org/technique/d3f:LocalAccountMonitoring",{"id":102,"name":103,"url":104},"D3-SPP","Strong Password Policy","https://d3fend.mitre.org/technique/d3f:StrongPasswordPolicy","The tool identifies overly privileged accounts and other issues that this mitigation aims to address.",{"id":107,"name":108,"d3fend_techniques":109,"description":115,"domain":88},"M1027","Password Policies",[110,114],{"id":111,"name":112,"url":113},"D3-OTP","One-time Password","https://d3fend.mitre.org/technique/d3f:One-timePassword",{"id":102,"name":103,"url":104},"Purple Knight scans for weak password policies and accounts with non-expiring passwords.",[117],{"technique_id":94,"technique_name":95,"url":96,"recommendation":118,"mitre_mitigation_id":119},"The release of Purple Knight for GCC High directly enables and automates a critical aspect of Domain Account Monitoring for federal and defense organizations. Security teams should immediately integrate this tool into their quarterly or monthly security review cycle. By running Purple Knight against their on-premises Active Directory and now their Entra ID tenant in GCC High, they can proactively hunt for dangerous misconfigurations before an attacker does. The tool automates the detection of issues like dormant accounts, service principals with excessive privileges, weak password policies, and accounts vulnerable to Kerberoasting. The tactical recommendation is to schedule these scans, ingest the results into a ticketing or risk management system, assign owners for remediation, and track progress. This creates a continuous cycle of proactive hardening for the organization's most critical asset: its identity infrastructure.","M1047",[],[],[19,23,123,124,125,126,127,35],"Active Directory","Entra ID","GCC High","identity security","security assessment","2026-04-21T15:00:00.000Z","NewsArticle",{"geographic_scope":131,"countries_affected":132,"industries_affected":134,"other_affected":137},"national",[133],"United States",[135,136],"Government","Defense",[138,139,140],"U.S. federal civilian agencies","Department of Defense (DoD) organizations","Defense Industrial Base (DIB) contractors",4,1776792990588]