Enable Azure AD security assessments


Interested in using the free Purple Knight tool to assess your Azure AD security posture? To run Purple Knight in your Azure AD environment, you must create and update the application registration in Azure AD with a defined and consented set of application permissions for Microsoft Graph. Semperis provides a PowerShell script that automates this process.

Created by Semperis Senior Solutions Architect and Product Manager Jorge de Almeida Pinto, the script requires two PowerShell modules: AzureAD and Az.Accounts. Additionally, the account you use to create the app registration must be a global administrator.

How does the script support Azure AD security?

The script automates these tasks:

  • Creates and updates application registration in Azure AD for Purple Knight 1.5 to be able to scan for vulnerabilities in Azure AD
  • Removes application registration from Azure AD
  • Assigns required Microsoft Graph app permissions and consent when creating or updating the app
  • Creates a client secret which, by default, is valid for one hour when creating or updating the application (if required, you can provide a client lifetime in days for the client secret)
  • Removes all client secrets from application registration in Azure AD
  • Displays tenant ID, application ID, assigned and granted permissions, and client secret to use in the Purple Knight executable file

Ready to assess your Azure AD security posture? Download the script and get a full list of functions and examples on the Semperis GitHub account.

Learn more

For more information on protecting your hybrid AD environments, see these resources:

The post Power up Azure AD Security Assessments appeared first on Semperis.

*** This is a Semperis Security Bloggers Network syndicated blog written by the Semperis team. Read the original post at: https://www.semperis.com/blog/power-up-azure-ad-security/


About Author

Comments are closed.