Purple Knight Now Delivers Comprehensive Identity Security Assessments for Microsoft GCC High Environments

News provided by

Apr 21, 2026, 09:00 ET

Semperis extends its free, Five Eyes–recommended community tool to the cloud environment used by most U.S. federal agencies.

HOBOKEN, N.J., April 21, 2026 /PRNewswire/ -- Semperis, the identity-driven cyber resilience and crisis response company, today announced that Purple Knight—its free, community-driven Active Directory and Entra ID security assessment tool—now fully supports Microsoft Government Community Cloud High (GCC High) environments.

This milestone expansion ensures that the tens of thousands of U.S. federal civilian agencies, Department of Defense organizations, and defense industrial base contractors operating in GCC High can, for the first time, leverage the same industry-leading identity security assessment capabilities already trusted by more than 65,000 organizations worldwide.

The announcement comes at a critical moment for federal cybersecurity. In 2025, the Five Eyes Alliance—comprised of the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, Australian Signals Directorate, Canadian Centre for Cyber Security, the United Kingdom's National Cyber Security Centre and the New Zealand National Cyber Security Centre, updated the landmark joint advisory document Detecting and Mitigating Active Directory Compromises. The document includes threat mitigation guidance and recommends several tools to assess Active Directory security posture, including Purple Knight.

GCC High is the cloud environment purpose-built by Microsoft to meet the stringent FedRAMP High, ITAR, and DFARS compliance requirements that most government agencies must adhere to. Until now, federal agencies and defense organizations running GCC High tenants were unable to take advantage of Purple Knight's Entra ID assessment scanning capabilities. Agencies could assess their on-premises Active Directory health but lacked the ability to extend that same assessment into their GCC High cloud identity environment.

That gap has now been closed.

"This is a gamechanger for agencies striving to meet the identity security requirements outlined by the Five Eyes guidance, Executive Order 14028, FISMA, and OMB Memorandum M-22-09—all of which demand that federal organizations adopt Zero Trust principles, harden identity systems, and continuously monitor for compromise," said Jimmy McNary, Semperis Vice President of Federal Solutions.

"Federal agencies have been told for years that identity is the perimeter, but many still lack practical, low-friction tools to validate whether that perimeter is truly resilient," said Dr. Ed Amoroso, CEO of TAG Cyber and former Chief Security Officer of AT&T. "Extending Purple Knight into GCC High gives federal defenders a fast, community-driven way to benchmark their hybrid identity posture against the latest Five Eyes guidance and Zero Trust expectations."

For federal agencies looking to move beyond point-in-time assessments, Semperis also offers Directory Services Protector (DSP) for continuous hybrid AD threat detection and response, Active Directory Forest Recovery (ADFR) for cyber-first disaster recovery, and Lightning Intelligence for automated, SaaS-based continuous identity security posture monitoring.

To download Purple Knight, visit: purple-knight.com.

About Purple Knight
Purple Knight is a free Active Directory security assessment tool developed by Semperis identity security experts that has been downloaded by 65,000 organizations.
Purple Knight scans the Active Directory environment for 210+ security indicators of exposure or compromise, maps findings to the MITRE ATT&CK and ANSSI frameworks and provides prioritized and expert remediation guidance. Users receive a graphical report with an overall score, 7 category scores, and guidance on how to remediate security risks.

About Semperis
Semperis is the identity-driven cyber resilience and crisis management company trusted by the world's largest enterprises and government agencies to protect critical identity systems. Purpose-built for multi-cloud and hybrid identity environments—including Active Directory, Entra ID, Okta, and Ping Identity—Semperis helps organizations prevent, detect, respond to, and recover from identity-based cyberattacks.

Modern cyberattacks are won or lost at the identity layer, where failures now escalate into full-scale business crises. Semperis' AI-powered platform unifies identity lifecycle defense and crisis management—hardening identity infrastructure, detecting and containing active threats, enabling rapid, trusted recovery, and supporting secure, out-of-band coordination when core systems are disrupted—all reinforced by a world-class identity forensics and incident response team.

As part of its mission to help organizations achieve true cyber resilience, Semperis supports the broader cyber community through the award-winning Hybrid Identity Protection (HIP) Conference and Podcast and free identity security tools including Purple Knight and Forest Druid. More than 1,200 organizations—including 25% of the 100 largest U.S. companies—rely on Semperis. The company is privately held, headquartered in Hoboken, New Jersey, and serves customers in more than 40 countries.

Learn more: semperis.com
Follow us: Blog / LinkedIn / X / Facebook / YouTube