Free Tool – Use Purple Knight to Get an Active Directory Security Assessment

Published: May 22, 2024

Learn about the benefits of the Purple Knight Active Directory (AD) security assessment and how it can help your organization improve the security of its directory services, detect potential vulnerabilities, and protect your assets from ransomware, cyberattacks, data breaches, and potential data integrity emergencies.

What is Purple Knight?

Purple Knight is a purpose-built free security assessment tool from Semperis. It is designed to analyze your Windows Server Active Directory, Microsoft Entra ID, and Okta environments for common security vulnerabilities in an efficient and easy-to-understand manner. Here are the tool’s four main functions:

  1. Identify Indicators of Exposure (IoEs) and Indicators of Compromise (IoCs): This helps your organization discover IoEs and IoCs in your hybrid AD environment (AD and Entra ID). IoEs are high-risk configuration settings that hackers can easily exploit, while IoCs can signal a real-time cyberattack.
  2. Scan for Vulnerabilities: Purple Knight scans your on-premises Active Directory, your cloud Entra ID tenant, and Okta environments and gives you a security score based on your environment across seven categories.
  3. Track Security Posture Over Time: You can set up periodic automatic scans with Purple Knight to stay proactive in your security fight. Left unchecked and forgotten, your environment could be opened up to penetration.
  4. Provide Remediation Guidance: The free tool offers expert, prioritized guidance on remediating found vulnerabilities. As an example, it can help you address old admin accounts that are set with non-expiring passwords.

What common security vulnerabilities does Purple Knight scan for?

Let me give you more examples of what vulnerabilities Purple Knight is designed to detect.

  • User/Admin Accounts with old passwords – Examining the last password changed attribute can quickly bring ‘old’ accounts to your attention.
  • Privileged users with weak passwords – Weak passwords can be cracked, giving attackers access to sensitive systems. This check finds such accounts.
  • Non-default principals with DCSync rights – Detecting an account that is able to initiate a directory sync with another location or server could prevent your directory from falling into the wrong hands!
  • Accounts with elevated privileges that need review – Accounts like these could be used by attackers if not regularly reviewed and updated.

These are just a small sampling of the 150+ security indicators Purple Knight detects.
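The first indicator above, and the non-expiring admin passwords mentioned earlier, can be checked by hand from raw directory attributes. The following is an added example, not Purple Knight's own code or logic: it decodes `pwdLastSet` and `userAccountControl` over constructed sample records, and the 365-day threshold, the record layout and the account names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (values documented by Microsoft)
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """Encode a datetime as 100-ns ticks since 1601-01-01 UTC (used for sample data)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def from_filetime(ticks):
    """Decode pwdLastSet; 0 means 'must change at next logon' and yields None."""
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def audit_accounts(records, now, max_age_days=365):
    """Return (name, privileged, issues) for enabled accounts, privileged first."""
    findings = []
    for rec in records:
        uac = int(rec["userAccountControl"])
        if uac & UF_ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on, so skip them
        issues = []
        changed = from_filetime(int(rec["pwdLastSet"]))
        if changed is not None and (now - changed).days > max_age_days:
            issues.append(f"password is {(now - changed).days} days old")
        if uac & UF_DONT_EXPIRE_PASSWD:
            issues.append("password never expires")
        if issues:
            # adminCount=1 marks accounts that are or were in protected admin groups
            findings.append((rec["sAMAccountName"], int(rec.get("adminCount", 0)) == 1, issues))
    return sorted(findings, key=lambda f: (not f[1], f[0]))

def _rec(name, y, m, d, uac, admin=0):
    ticks = to_filetime(datetime(y, m, d, tzinfo=timezone.utc)) if y else 0
    return {"sAMAccountName": name, "pwdLastSet": str(ticks),
            "userAccountControl": str(uac), "adminCount": str(admin)}

# Constructed sample records shaped like an LDAP/CSV export (all values are strings)
SAMPLE_RECORDS = [
    _rec("adm-legacy", 2019, 1, 15, UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD, admin=1),
    _rec("jsmith", 2024, 3, 1, UF_NORMAL_ACCOUNT),
    _rec("svc-backup", 2021, 6, 1, UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD),
    _rec("old-disabled", 2015, 2, 2, UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE),
    _rec("newhire", 0, 0, 0, UF_NORMAL_ACCOUNT),
]
NOW = datetime(2024, 5, 22, tzinfo=timezone.utc)  # fixed so results are reproducible

if __name__ == "__main__":
    for name, privileged, issues in audit_accounts(SAMPLE_RECORDS, NOW):
        print(f"{'PRIV' if privileged else 'user'} {name}: {'; '.join(issues)}")
```

Against a real export, pass the current UTC time as `now` and feed in the attribute values as exported; accounts with `adminCount` set deserve review first.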

How can I be proactive with Purple Knight?

Downloading the free tool and scanning your AD and Entra ID environments is a perfect method to be proactive in this space. Instead of responding (reacting) to a security alert, you can be proactive with Purple Knight’s comprehensive set of tests.

You can then read the report Purple Knight generates and resolve previously unidentified issues before they turn into full-blown security incidents. Remediating and securing your environments can help drastically reduce potential disaster recovery time.

More about Purple Knight on Petri.com: Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory

How does Purple Knight solve your Active Directory and Entra ID security issues?

Using its included resources, Purple Knight analyzes your hybrid Active Directory environment for directory vulnerabilities and misconfigurations, generates a report, and gives you expert guidance on how to remediate the detected security items. Using this knowledge, you can resolve common vulnerabilities in both your Active Directory and Entra ID tenant environments.

How to use Purple Knight in 3 easy steps

Let me give you a helpful, high-level overview of installing and running Purple Knight. I will use my Hyper-V lab environment running a Windows Server 2022 Active Directory environment.

  1. First, browse to the Semperis Purple Knight website, download the tool (get registered), and unzip it.
The Purple Knight homepage (Image Credit: Michael Reinders/Petri.com)
  2. Double-click the ‘PurpleKnight.exe’ file to launch.
Open the Purple Knight program to launch the tool (Image Credit: Michael Reinders/Petri.com)
  3. After accepting the agreement, I chose ‘Active Directory’ as my environment choice and selected my ‘reinders.local’ domain. I left the defaults for the ‘Indicators’ to use and clicked ‘RUN TESTS’.
The Purple Knight tool in process… (Image Credit: Michael Reinders/Petri.com)

Well, looks like I have some work to do. Your Purple Knight report is shown in your browser and saved locally on your computer.

The overall report score dashboard (Image Credit: Michael Reinders/Petri.com)

I clicked ‘View Report’ and it opened in my browser.

Your free security report right in your browser (Image Credit: Michael Reinders/Petri.com)

Feel free to run the report against your Microsoft Entra ID and Active Directory environments to learn more.

How much does Semperis Purple Knight cost?

There is no cost to downloading and using Purple Knight.

Conclusion

Semperis Purple Knight is a comprehensive, powerful, and free tool to help you assess the security posture of your Active Directory and Entra ID environments. With its ability to scan for 150+ security indicators of exposure (IoEs) or compromise (IoCs), it provides a thorough evaluation of your hybrid AD environment, helping to identify and rectify vulnerabilities before they can be exploited.

Start your journey towards a more secure Active Directory and Entra ID environment with Purple Knight today. Petri also has a comprehensive list of free Active Directory tools if you want to check out what else is available.
