Semperis Team

Want to use the free Purple Knight tool to evaluate your Entra ID security posture? To run Purple Knight against an Entra ID tenant, you need an app registration in Entra ID with a defined set of Microsoft Graph application permissions that has been granted admin consent. Semperis provides a PowerShell script that automates creating and updating that app registration.

Created by Semperis Senior Solutions Architect and Product Manager Jorge de Almeida Pinto, the script requires two PowerShell modules: Microsoft.Graph.Applications and Az.Accounts. The account you run it with must be a Global Admin, because granting tenant-wide admin consent to application permissions requires that role.

How does the script support Entra ID security?

The script automates these tasks:

  • Creates and updates the app registration in Entra ID so that Purple Knight 1.5 can scan for vulnerabilities in Entra ID
  • Deletes the app registration in Entra ID
  • Assigns the required Microsoft Graph application permissions and provides consent when creating or updating the app
  • Creates a client secret when creating or updating the app; by default the secret is valid for one hour (if needed, you can specify a custom lifetime in days)
  • Lists all existing client secrets from the app registration in Entra ID
  • Deletes all existing client secrets from the app registration in Entra ID
  • Displays the tenant ID, the application ID, the assigned and consented permissions, and the client secret, which you then enter into the Purple Knight executable
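
The steps in that list (declare the Graph application permissions, create the service principal, grant admin consent via app role assignments, mint a short-lived client secret, and print the values the scanner needs) are shown below as an added example written for this page. It is not the Semperis script and does not reproduce its permission set: the permission names in `$PermissionNames`, the display name `Entra-Posture-Scanner`, and the `-RemoveExistingSecrets` switch are illustrative assumptions, and you should substitute the permissions the Semperis script actually requests. It uses only Microsoft.Graph.Authentication and Microsoft.Graph.Applications cmdlets.

```powershell
# Added example for this article, not the Semperis Purple Knight script.
# Assumptions (not from the article): $PermissionNames is a placeholder list,
# the app display name is hypothetical, and the Global Admin signs in interactively.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications
param(
    [string]   $DisplayName          = 'Entra-Posture-Scanner',   # hypothetical name
    [string[]] $PermissionNames      = @('Directory.Read.All'),   # illustrative only
    [int]      $SecretLifetimeHours  = 1,                         # short by design
    [switch]   $RemoveExistingSecrets                             # purge old secrets first
)

# Well-known application ID of the Microsoft Graph resource in every tenant
$GraphAppId = '00000003-0000-0000-c000-000000000000'

# Delegated scopes the signed-in admin needs for the operations below
Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All'

# Resolve the Graph service principal and the requested *application* roles (Type = Role).
# Fail early on an unknown name rather than creating an app with no permissions.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
$roles = foreach ($name in $PermissionNames) {
    $role = $graphSp.AppRoles |
        Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Microsoft Graph application permission '$name' not found" }
    $role
}
$requiredAccess = @{
    ResourceAppId  = $GraphAppId
    ResourceAccess = @($roles | ForEach-Object { @{ Id = $_.Id; Type = 'Role' } })
}

# Create the app registration, or update the permission manifest of an existing one
$app = Get-MgApplication -Filter "displayName eq '$DisplayName'" | Select-Object -First 1
if (-not $app) {
    $app = New-MgApplication -DisplayName $DisplayName -SignInAudience 'AzureADMyOrg' `
        -RequiredResourceAccess @($requiredAccess)
} else {
    Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @($requiredAccess)
}

# The service principal is the identity that actually holds the consented permissions
$sp = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"
if (-not $sp) { $sp = New-MgServicePrincipal -AppId $app.AppId }

# Admin consent for application permissions is an app role assignment on the Graph SP.
# Skip roles already assigned so the script is safe to re-run.
$assigned = (Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id).AppRoleId
foreach ($role in $roles) {
    if ($assigned -notcontains $role.Id) {
        New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
            -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
    }
}

# Optionally delete every existing secret so only the one issued now is valid
if ($RemoveExistingSecrets) {
    (Get-MgApplication -ApplicationId $app.Id).PasswordCredentials | ForEach-Object {
        Remove-MgApplicationPassword -ApplicationId $app.Id -KeyId $_.KeyId
    }
}

# Short-lived secret: one hour by default, so a leaked value expires with the scan
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "scan-$(Get-Date -Format 'yyyyMMdd-HHmm')"
    EndDateTime = (Get-Date).ToUniversalTime().AddHours($SecretLifetimeHours)
}

# Values the scanner executable asks for; SecretText is only returned at creation time
[pscustomobject]@{
    TenantId      = (Get-MgContext).TenantId
    AppId         = $app.AppId
    Permissions   = ($roles.Value -join ', ')
    SecretExpires = $secret.EndDateTime
    ClientSecret  = $secret.SecretText
}
```

Two points worth checking after running something like this: confirm in the Entra admin center that the permissions show as granted for the tenant (the app role assignments, not just the manifest entry, are what the token will carry), and delete the app registration or its secrets once the scan is finished, since an application with tenant-wide Graph read permissions is itself an attractive target.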

Ready to evaluate your Entra ID security stance? Download the script and get a full list of functions and examples at the Semperis GitHub account.

Learn more

For more insight into protecting your hybrid AD environments, see these resources: