2023 Purple Knight Report: Users report low scores on Active Directory security assessment

But users report improvements as high as 64% after using expert guidance to remediate

Users of Purple Knight, the community Active Directory (AD) security vulnerability assessment tool built by Semperis experts, reported an average score of 72 out of 100 on their initial reports—a low C grade—in a 2023 survey of 150+ organizations.

While the average overall score is better this year when compared with the average score of 61% reported in the 2022 survey, the results indicate that organizations are still struggling to identify and address security vulnerabilities that leave their identity environments open to cyberattacks. These results corroborate findings from Microsoft: According to the 2022 Microsoft Digital Defense Report, 88% of Microsoft customers impacted by cyber incidents had “insecure AD configuration.”

One bright spot in this year’s report: Organizations reported score improvements averaging 40% and up to 64% following remediation efforts using expert guidance provided by Semperis’ AD security experts in the Purple Knight security assessments.

The Purple Knight AD security assessment is helping IT and security teams take action to improve overall security, including addressing AD misconfigurations, changing structure and processes to improve overall security posture, and facilitating conversations between IT and security teams.

Key findings from the 2023 survey:

• Organizations scored an average of 72 on their initial AD security assessments—better than last year’s average score of 61, but still a low C grade.
• Organizations reported an average score of 61 in the account security category, the lowest score among the seven AD categories assessed by the Purple Knight tool; 55% of organizations reported 5+ vulnerabilities in the Azure AD category
• 13% of organizations also reported 5+ security indicators in the new Azure AD category, which focuses on vulnerabilities such as inactive guest accounts and misconfigured conditional access policies
• Users reported an average of 40% improvement—and as much as 64% improvement—on subsequent assessment scores after applying the remediation guidance included in their assessments.
• Beyond using the Purple Knight results for remediation, organizations use the tool to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of in-house AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.

Despite multiple warnings from analysts, coverage of ongoing AD attacks, and urgent calls for action from their own IT teams, many organizational leaders are not prioritizing AD-specific security and recovery, leaving them vulnerable to proliferating AD-based attacks.

Want to learn more?

Check out Purple Knight free security assessment tool

Read our security research team’s blogs about AD vulnerabilities that Purple Knight addresses:

• Unconstrained Delegation in Active Directory Leaves Security Gaps
• Detecting and Mitigating the PetitPotam Attack on Windows Domains
• What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability