Want to use the free Purple Knight tool to evaluate your Azure AD security posture? To run Purple Knight in your Azure AD environment, you need to create and update the app registration in Azure AD with a defined and consented set of application permissions for the Microsoft Graph. Semperis provides a PowerShell script that automates this process.
Created by Semperis Senior Solutions Architect and Product Manager Jorge de Almeida Pinto, the script requires two PowerShell modules: Microsoft.Graph.Applications and Az.Accounts. Also, the account that you use to create the app registration must be a Global Admin.
How does the script support Azure AD security?
The script automates these tasks:
- Creates and updates the app registration in Azure AD for Purple Knight 1.5 to be able to scan for vulnerabilities in Azure AD
- Deletes the app registration in Azure AD
- Assigns the required Microsoft Graph application permissions and provides consent when creating or updating the app
- Creates a client secret that by default is valid for one hour when creating or updating the app (if needed, you can provide a customer lifetime in days for the client secret)
- Lists all existing client secrets from the app registration in Azure AD
- Deletes all existing client secrets from the app registration in Azure AD
- Displays the tenant ID, the application ID, the assigned and consented permissions, and the client secret to be used in the Purple Knight executable file
Ready to evaluate your Azure AD security stance? Download the script and get a full list of functions and examples at the Semperis GitHub account.
For more insight into protecting your hybrid AD environments, see these resources: