The Ongoing Struggle to Secure Hybrid AD and Entra ID Environments
Despite increased awareness of AD and Entra ID as a primary attack target, organizations continue to struggle to adequately secure their hybrid AD environments. Purple Knight users who responded to an online survey conducted by Semperis reported an average initial security assessment score of 61%—a nearly failing grade.
The survey findings, in addition to in-person interviews with IT and security team members, point to continued challenges in adequately securing hybrid AD and Entra ID identity systems for organizations across every industry sector.
However, IT and security teams are using the Purple Knight assessment results to make positive changes in their identity system posture. Respondents reported that using Purple Knight’s remediation guidance has helped them close security gaps, raising scores by an average of 21 points and by as much as 61 points, and has provided a framework for systematically addressing misconfigurations that can open doors for threat actors.
Key findings:
- Average initial Purple Knight score reported was 61%, a nearly failing grade.
- By applying remediation guidance provided in the Purple Knight report, organizations were able to improve their scores by an average of 21 points, with a top improvement of 61 points.
- Survey respondents reported the worst scores in the category of AD infrastructure security, pointing to increased complications managing AD Certificate Services (ADCS), which was targeted in the attack by APT29 (also known as Midnight Blizzard).
- Government agencies reported the lowest scores among industry sectors, highlighting a lack of resources for addressing identity security.
- Teams responsible for AD and Entra ID reported a lack of familiarity with Entra ID security best practices.