Purple Knight Expands Identity Security Assessments to Microsoft GCC High

Semperis extends its free, Five Eyes–recommended community tool to the cloud environment used by most U.S. federal agencies.

Semperis, the identity-driven cyber resilience and crisis response company, today announced that Purple Knight—its free, community-driven Active Directory and Entra ID security assessment tool—now fully supports Microsoft Government Community Cloud High (GCC High) environments.

This milestone expansion ensures that the tens of thousands of U.S. federal civilian agencies, Department of Defense organizations, and defense industrial base contractors operating in GCC High can, for the first time, leverage the same industry-leading identity security assessment capabilities already trusted by more than 65,000 organizations worldwide.

Recommended: AI in Enterprise Applications: From CRM to ERP Transformation

The announcement comes at a critical moment for federal cybersecurity. In 2025, the Five Eyes Alliance—comprised of the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, Australian Signals Directorate, Canadian Centre for Cyber Security, the United Kingdom’s National Cyber Security Centre and the New Zealand National Cyber Security Centre, updated the landmark joint advisory document Detecting and Mitigating Active Directory Compromises. The document includes threat mitigation guidance and recommends several tools to assess Active Directory security posture, including Purple Knight.

GCC High is the cloud environment purpose-built by Microsoft to meet the stringent FedRAMP High, ITAR, and DFARS compliance requirements that most government agencies must adhere to. Until now, federal agencies and defense organizations running GCC High tenants were unable to take advantage of Purple Knight’s Entra ID assessment scanning capabilities. Agencies could assess their on-premises Active Directory health but lacked the ability to extend that same assessment into their GCC High cloud identity environment.

That gap has now been closed.

“This is a gamechanger for agencies striving to meet the identity security requirements outlined by the Five Eyes guidance, Executive Order 14028, FISMA, and OMB Memorandum M-22-09—all of which demand that federal organizations adopt Zero Trust principles, harden identity systems, and continuously monitor for compromise,” said Jimmy McNary, Semperis Vice President of Federal Solutions.

“Federal agencies have been told for years that identity is the perimeter, but many still lack practical, low-friction tools to validate whether that perimeter is truly resilient,” said Dr. Ed Amoroso, CEO of TAG Cyber and former Chief Security Officer of AT&T. “Extending Purple Knight into GCC High gives federal defenders a fast, community-driven way to benchmark their hybrid identity posture against the latest Five Eyes guidance and Zero Trust expectations.”

Recommended: Enterprise AI Governance: Security, Compliance, and Trust in AI Systems

For federal agencies looking to move beyond point-in-time assessments, Semperis also offers Directory Services Protector (DSP) for continuous hybrid AD threat detection and response, Active Directory Forest Recovery (ADFR) for cyber-first disaster recovery, and Lightning Intelligence for automated, SaaS-based continuous identity security posture monitoring.

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.