API Reference
Enum
PurpleKnightDoc
Purple Knight indicator identifiers used to cross-reference rules with vendor content.
Inheritance
- Enum
- PurpleKnightDoc
Usage
This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.
Returned or exposed by
- Field PurpleKnightDoc.AbnormalPasswordRefresh
- Field PurpleKnightDoc.AccountswithaltSecurityIdentitiesconfigured
- Field PurpleKnightDoc.AccountswithConstrainedDelegationconfiguredtoghostSPN
- Field PurpleKnightDoc.AccountswithConstrainedDelegationconfiguredtokrbtgt
- Field PurpleKnightDoc.ADCertificateAuthoritywithWebEnrollmentESC8
- Field PurpleKnightDoc.Administrativeunitsarenotbeingused
- Field PurpleKnightDoc.Adminswitholdpasswords
- Field PurpleKnightDoc.ADobjectscreatedwithinthelast10days
- Field PurpleKnightDoc.ADprivilegedusersthataresyncedtoEntraID
- Field PurpleKnightDoc.AnonymousaccesstoActiveDirectoryenabled
- Field PurpleKnightDoc.AnonymousNSPIaccesstoADenabled
- Field PurpleKnightDoc.Applicationexpiredsecretsandcertificates
- Field PurpleKnightDoc.Applicationinstancepropertylockdisabled
- Field PurpleKnightDoc.ApplicationnameandgeographiclocationadditionalcontextsaredisabledonMFA
- Field PurpleKnightDoc.BuiltindomainAdministratoraccountusedwithinthelasttwoweeks
- Field PurpleKnightDoc.BuiltindomainAdministratoraccountwitholdpassword180days
- Field PurpleKnightDoc.Builtinguestaccountisenabled
- Field PurpleKnightDoc.CertificateBasedAuthenticationPersistence
- Field PurpleKnightDoc.CertificatetemplatesthatallowrequesterstospecifyasubjectAltName
- Field PurpleKnightDoc.Certificatetemplateswith3ormoreinsecureconfigurations
- Field PurpleKnightDoc.ChangestoADDisplaySpecifiersinthepast90days
- Field PurpleKnightDoc.ChangestoDefaultDomainPolicyorDefaultDomainControllersPolicyinthelast7days
- Field PurpleKnightDoc.Changestodefaultsecuritydescriptorschemainthelast90days
- Field PurpleKnightDoc.ChangestoMSLAPSreadpermissions
- Field PurpleKnightDoc.ChangestoPreWindows2000CompatibleAccessGroupmembership
- Field PurpleKnightDoc.Changestoprivilegedgroupmembershipinthelast7days
- Field PurpleKnightDoc.Changestounprivilegedgroupmembershipinthelast7days
- Field PurpleKnightDoc.Checkforguestshavingpermissiontoinviteotherguests
- Field PurpleKnightDoc.CheckforriskyAPIpermissionsgrantedtoapplicationserviceprincipals
- Field PurpleKnightDoc.CheckforuserswithweakornoMFA
- Field PurpleKnightDoc.Checkiflegacyauthenticationisallowed
- Field PurpleKnightDoc.ComputerAccountsinPrivilegedGroups
- Field PurpleKnightDoc.ComputeraccounttakeoverthroughKerberosResourceBasedConstrainedDelegationRBCD
- Field PurpleKnightDoc.ComputeroruseraccountswithSPNthathaveunconstraineddelegation
- Field PurpleKnightDoc.ComputerswitholderOSversions
- Field PurpleKnightDoc.Computerswithpasswordlastsetover90daysago
- Field PurpleKnightDoc.ConditionalAccesspoliciescontainprivateIPaddresses
- Field PurpleKnightDoc.ConditionalAccesspoliciesthatcontainMFATrustedIPs
- Field PurpleKnightDoc.ConditionalAccessPolicydoesnotrequireMFAonprivilegedaccounts
- Field PurpleKnightDoc.ConditionalAccessPolicythatdisableadmintokenpersistence
- Field PurpleKnightDoc.ConditionalAccessPolicythatdoesnotrequireapasswordchangefromhighriskusers
- Field PurpleKnightDoc.ConditionalAccessPolicythatdoesnotrequireMFAwhensigninriskhasbeenidentified
- Field PurpleKnightDoc.ConditionalAccesspolicywithContinuousAccessEvaluationdisabled
- Field PurpleKnightDoc.Custombannedpasswordprotectionnotinuse
- Field PurpleKnightDoc.Dangerouscontrolpathsexposecertificatecontainers
- Field PurpleKnightDoc.Dangerouscontrolpathsexposecertificatetemplates
- Field PurpleKnightDoc.DangerousGPOlogonscriptpath
- Field PurpleKnightDoc.DangerousTrustAttributeSet
- Field PurpleKnightDoc.DangeroususerrightsgrantedbyGPO
- Field PurpleKnightDoc.DetectMFApolicychangesforgroupsandusers
- Field PurpleKnightDoc.DistributedCOMUsersgrouporPerformanceLogUsersgrouparenotempty
- Field PurpleKnightDoc.DomainControllerownerisnotanadministrator
- Field PurpleKnightDoc.DomainControllersininconsistentstate
- Field PurpleKnightDoc.DomainControllersthathavenotauthenticatedtothedomainformorethan45days
- Field PurpleKnightDoc.DomainControllerswitholdpasswords
- Field PurpleKnightDoc.DomainControllerswithResourceBasedConstrainedDelegationRBCDenabled
- Field PurpleKnightDoc.Domainswithobsoletefunctionallevels
- Field PurpleKnightDoc.Domaintrusttoathirdpartydomainwithoutquarantine
- Field PurpleKnightDoc.Enabledadminaccountsthatareinactive
- Field PurpleKnightDoc.EnsureallnonprivilegeduserscancompleteMFA
- Field PurpleKnightDoc.EnterpriseapplicationsusingSAMLforSSO
- Field PurpleKnightDoc.EnterpriseKeyAdminswithfullaccesstodomain
- Field PurpleKnightDoc.EntraConnectsyncaccountpasswordreset
- Field PurpleKnightDoc.EntracustomRoleswithriskypermissions
- Field PurpleKnightDoc.EntraIDprivilegedusersthatarealsoprivilegedinAD
- Field PurpleKnightDoc.EntratenantissusceptibletoHiddenConsentGrantattack
- Field PurpleKnightDoc.EphemeralAdmins
- Field PurpleKnightDoc.EvidenceofMimikatzDCShadowattack
- Field PurpleKnightDoc.FGPPnotappliedtoGlobalgroup
- Field PurpleKnightDoc.FIDO2Attestationisnotenforced
- Field PurpleKnightDoc.ForeignSecurityPrincipalsinPrivilegedGroup
- Field PurpleKnightDoc.Forestcontainsmorethan50privilegedaccounts
- Field PurpleKnightDoc.GlobalAdministratorsthatsignedinduringthelast14days
- Field PurpleKnightDoc.GMSAnotinuse
- Field PurpleKnightDoc.GMSAobjectswitholdpasswords
- Field PurpleKnightDoc.GPOlinkingdelegationattheADSitelevel
- Field PurpleKnightDoc.GPOlinkingdelegationatthedomaincontrollerOUlevel
- Field PurpleKnightDoc.GPOlinkingdelegationatthedomainlevel
- Field PurpleKnightDoc.GPOWeakLMHashstorageenabled
- Field PurpleKnightDoc.GPOwithScheduledTasksconfigured
- Field PurpleKnightDoc.Guestaccountsthatwereinactiveformorethan30days
- Field PurpleKnightDoc.Guestinvitesnotacceptedinlast30day
- Field PurpleKnightDoc.Guestusersarenotrestricted
- Field PurpleKnightDoc.Highprivilegedcustomroles
- Field PurpleKnightDoc.InheritanceenabledonAdminSDHolderobject
- Field PurpleKnightDoc.KerberosKRBTGTaccountwitholdpassword
- Field PurpleKnightDoc.Kerberosprotocoltransitiondelegationconfigured
- Field PurpleKnightDoc.KrbtgtaccountwithResourceBasedConstrainedDelegationRBCDenabled
- Field PurpleKnightDoc.LDAPsigningisnotrequiredonDomainControllers
- Field PurpleKnightDoc.Lessthan2GlobalAdministratorsexist
- Field PurpleKnightDoc.ListofRiskyusersmediumorhighlevel
- Field PurpleKnightDoc.MFAbombingattackoccurredinthepastday
- Field PurpleKnightDoc.MFAnotconfiguredforprivilegedaccounts
- Field PurpleKnightDoc.Morethan10PrivilegedAdministratorsexist
- Field PurpleKnightDoc.Morethan5GlobalAdministratorsexist
- Field PurpleKnightDoc.NewAPItokenwascreated
- Field PurpleKnightDoc.Newpermissionhasbeengrantedtoagroup
- Field PurpleKnightDoc.Newpermissionhasbeengrantedtoauser
- Field PurpleKnightDoc.NewSuperAdminpermissionhasbeengrantedtoagroup
- Field PurpleKnightDoc.NewSuperAdminpermissionhasbeengrantedtoauser
- Field PurpleKnightDoc.Nonadminuserscancreatetenants
- Field PurpleKnightDoc.Nonadminuserscanregistercustomapplications
- Field PurpleKnightDoc.NondefaultaccesstoDPAPIkey
- Field PurpleKnightDoc.NondefaultprincipalswithDCSyncrightsonthedomain
- Field PurpleKnightDoc.NondefaultvalueonmsMcsAdmPwdSearchFlags
- Field PurpleKnightDoc.NonprivilegeduserswithaccesstogMSApasswords
- Field PurpleKnightDoc.Nonstandardschemapermissions
- Field PurpleKnightDoc.NonsyncedEntrauserthatiseligibleforaprivilegedrole
- Field PurpleKnightDoc.NTFRSSYSVOLReplication
- Field PurpleKnightDoc.ObjectsinprivilegedgroupswithoutadminCount1SDProp
- Field PurpleKnightDoc.Objectswithconstraineddelegationconfigured
- Field PurpleKnightDoc.ObjectswithReanimateTombstonesextendedright
- Field PurpleKnightDoc.OperatorgroupsnolongerprotectedbyAdminSDHolderandSDProp
- Field PurpleKnightDoc.OperatorsGroupsthatarenotempty
- Field PurpleKnightDoc.OUpermissionsenablingBadSuccessordMSAescalation
- Field PurpleKnightDoc.OutboundforesttrustwithSIDHistoryenabled
- Field PurpleKnightDoc.Passwordhashsynchronizationisnotenabled
- Field PurpleKnightDoc.Passwordpolicycheck
- Field PurpleKnightDoc.PermanentActivePrivilegedRoleAssignment
- Field PurpleKnightDoc.PermissionchangesonAdminSDHolderobject
- Field PurpleKnightDoc.PrimaryuserswithSPNnotsupportingAESencryptiononKerberos
- Field PurpleKnightDoc.PrincipalswithconstrainedauthenticationdelegationenabledforaDCservice
- Field PurpleKnightDoc.PrincipalswithconstraineddelegationusingprotocoltransitionenabledforaDCservice
- Field PurpleKnightDoc.PrintspoolerserviceisenabledonaDC
- Field PurpleKnightDoc.Privilegedaccountswithapasswordthatneverexpires
- Field PurpleKnightDoc.Privilegedaccountswithmailbox
- Field PurpleKnightDoc.Privilegedgroupcontainsguestaccount
- Field PurpleKnightDoc.Privilegedobjectswithunprivilegedowners
- Field PurpleKnightDoc.PrivilegedusercredentialscachedonRODC
- Field PurpleKnightDoc.Privilegedusersthataredisabled
- Field PurpleKnightDoc.PrivilegeduserswithSPNdefined
- Field PurpleKnightDoc.PrivilegedUserswithWeakPasswordPolicy
- Field PurpleKnightDoc.ProhibitedEntraIDRolesAssigned
- Field PurpleKnightDoc.ProtectedUsersgroupnotinuse
- Field PurpleKnightDoc.QuerypoliciesthathavetheattributeofLDAPdenylistset
- Field PurpleKnightDoc.RC4orDESencryptiontypearesupportedbyDomainControllers
- Field PurpleKnightDoc.Recentprivilegedaccountcreationactivity
- Field PurpleKnightDoc.RecentSIDHistorychangesonobjects
- Field PurpleKnightDoc.ReportsuspiciousMFAactivitydisabled
- Field PurpleKnightDoc.ResourceBasedConstrainedDelegationappliedtoAZUREADSSOACCaccount
- Field PurpleKnightDoc.ReversiblepasswordsfoundinGPOs
- Field PurpleKnightDoc.RiskyRODCcredentialcaching
- Field PurpleKnightDoc.Securitydefaultsnotenabled
- Field PurpleKnightDoc.Securityquestionsareinuse
- Field PurpleKnightDoc.Selfservicepasswordresetenabledforprivilegedroles
- Field PurpleKnightDoc.ShadowCredentialsonprivilegedobjects
- Field PurpleKnightDoc.Smartcardpasswordrotationdisabled
- Field PurpleKnightDoc.SMBSigningisnotrequiredonDomainControllers
- Field PurpleKnightDoc.SMBv1isenabledonDomainControllers
- Field PurpleKnightDoc.SSOcomputeraccountwithpasswordlastsetover90daysago
- Field PurpleKnightDoc.SuspiciouscredentialsonMicrosoftserviceprincipals
- Field PurpleKnightDoc.SuspiciousDirectorySynchronizationAccountsrolemember
- Field PurpleKnightDoc.SYSVOLExecutableChanges
- Field PurpleKnightDoc.Trustaccountswitholdpasswords
- Field PurpleKnightDoc.UnexpectedaccountsinCertPublishersGroup
- Field PurpleKnightDoc.UnprivilegedaccountswithadminCount1
- Field PurpleKnightDoc.Unprivilegedownerofaprivilegedgroup
- Field PurpleKnightDoc.UnprivilegedprincipalsasDNSAdmins
- Field PurpleKnightDoc.Unprivilegeduserscanaddcomputeraccountstothedomain
- Field PurpleKnightDoc.UnresolvedEntraIDprivilegedrolemembers
- Field PurpleKnightDoc.Unrestricteduserconsentallowed
- Field PurpleKnightDoc.UnsecuredDNSconfiguration
- Field PurpleKnightDoc.Useraccountsthatstorepasswordswithreversibleencryption
- Field PurpleKnightDoc.UseraccountsthatuseDESencryption
- Field PurpleKnightDoc.UseraccountsusingSmartCardauthenticationwitholdpassword
- Field PurpleKnightDoc.Useraccountswithpasswordnotrequired
- Field PurpleKnightDoc.Useractivationinthelast7days
- Field PurpleKnightDoc.Userconsentisallowedforriskyapplications
- Field PurpleKnightDoc.Userdeactivationinthelast7days
- Field PurpleKnightDoc.UsersandcomputerswithnondefaultPrimaryGroupIDs
- Field PurpleKnightDoc.UsersandcomputerswithoutreadablePGID
- Field PurpleKnightDoc.Usersarenotusingtheirprivilegedroles
- Field PurpleKnightDoc.Userscancreatesecuritygroups
- Field PurpleKnightDoc.Usersordevicesinactiveforatleast90days
- Field PurpleKnightDoc.UserswithKerberospreauthenticationdisabled
- Field PurpleKnightDoc.Userswitholdpasswords
- Field PurpleKnightDoc.UserswithoutMultiFactorAuthenticationMFA
- Field PurpleKnightDoc.UserswithPasswordNeverExpiresflagset
- Field PurpleKnightDoc.UserswithpermissionstosetServerTrustAccount
- Field PurpleKnightDoc.UserswithSPNdefined
- Field PurpleKnightDoc.UserswiththeattributeuserPasswordset
- Field PurpleKnightDoc.Weakcertificatecipher
- Field PurpleKnightDoc.WellknownprivilegedSIDsinSIDHistory
- Field PurpleKnightDoc.WritableshortcutsfoundinGPO
- Field PurpleKnightDoc.WriteaccesstoRBCDonDC
- Field PurpleKnightDoc.WriteaccesstoRBCDonkrbtgtaccount
- Field PurpleKnightDoc.Zerologonvulnerability
Accepted by parameters
- Extension method PurpleKnightDoc.Id
- Method PurpleKnightDocExt.Id
Inherited Methods
public override sealed Int32 CompareTo(Object target) #Returns:
Int32Inherited from Enum
Parameters
- target Object
public override sealed String ToString(String format, IFormatProvider provider) #Returns:
StringInherited from Enum
Obsolete("The provider argument is not used. Use ToString(String) instead.")Parameters
- format String
Values
public const PurpleKnightDoc Unprivilegeduserscanaddcomputeraccountstothedomain #Value:
0public const PurpleKnightDoc Builtinguestaccountisenabled #Value:
1public const PurpleKnightDoc EvidenceofMimikatzDCShadowattack #Value:
2public const PurpleKnightDoc UsersandcomputerswithnondefaultPrimaryGroupIDs #Value:
3public const PurpleKnightDoc ReversiblepasswordsfoundinGPOs #Value:
4public const PurpleKnightDoc ComputeroruseraccountswithSPNthathaveunconstraineddelegation #Value:
5public const PurpleKnightDoc KerberosKRBTGTaccountwitholdpassword #Value:
6public const PurpleKnightDoc NondefaultvalueonmsMcsAdmPwdSearchFlags #Value:
7public const PurpleKnightDoc PrivilegeduserswithSPNdefined #Value:
8public const PurpleKnightDoc ProtectedUsersgroupnotinuse #Value:
9public const PurpleKnightDoc NondefaultprincipalswithDCSyncrightsonthedomain #Value:
10public const PurpleKnightDoc RiskyRODCcredentialcaching #Value:
11public const PurpleKnightDoc WellknownprivilegedSIDsinSIDHistory #Value:
12public const PurpleKnightDoc UnprivilegedprincipalsasDNSAdmins #Value:
13public const PurpleKnightDoc Privilegedobjectswithunprivilegedowners #Value:
14public const PurpleKnightDoc Custombannedpasswordprotectionnotinuse #Value:
15public const PurpleKnightDoc UserswithKerberospreauthenticationdisabled #Value:
16public const PurpleKnightDoc BuiltindomainAdministratoraccountusedwithinthelasttwoweeks #Value:
17public const PurpleKnightDoc UserswithPasswordNeverExpiresflagset #Value:
18public const PurpleKnightDoc AnonymousaccesstoActiveDirectoryenabled #Value:
19public const PurpleKnightDoc ComputeraccounttakeoverthroughKerberosResourceBasedConstrainedDelegationRBCD #Value:
20public const PurpleKnightDoc GPOlinkingdelegationatthedomainlevel #Value:
21public const PurpleKnightDoc Recentprivilegedaccountcreationactivity #Value:
22public const PurpleKnightDoc UnprivilegedaccountswithadminCount1 #Value:
23public const PurpleKnightDoc ChangestoMSLAPSreadpermissions #Value:
24public const PurpleKnightDoc Zerologonvulnerability #Value:
25public const PurpleKnightDoc Userswitholdpasswords #Value:
26public const PurpleKnightDoc Enabledadminaccountsthatareinactive #Value:
27public const PurpleKnightDoc Privilegedusersthataredisabled #Value:
28public const PurpleKnightDoc GPOlinkingdelegationatthedomaincontrollerOUlevel #Value:
29public const PurpleKnightDoc GPOlinkingdelegationattheADSitelevel #Value:
30public const PurpleKnightDoc UserswithSPNdefined #Value:
31public const PurpleKnightDoc Changestoprivilegedgroupmembershipinthelast7days #Value:
32public const PurpleKnightDoc ADobjectscreatedwithinthelast10days #Value:
33public const PurpleKnightDoc Securityquestionsareinuse #Value:
34public const PurpleKnightDoc ObjectsinprivilegedgroupswithoutadminCount1SDProp #Value:
35public const PurpleKnightDoc Changestodefaultsecuritydescriptorschemainthelast90days #Value:
36public const PurpleKnightDoc ChangestoDefaultDomainPolicyorDefaultDomainControllersPolicyinthelast7days #Value:
37public const PurpleKnightDoc BuiltindomainAdministratoraccountwitholdpassword180days #Value:
38public const PurpleKnightDoc DomainControllerownerisnotanadministrator #Value:
39public const PurpleKnightDoc Domainswithobsoletefunctionallevels #Value:
40public const PurpleKnightDoc AnonymousNSPIaccesstoADenabled #Value:
41public const PurpleKnightDoc OperatorgroupsnolongerprotectedbyAdminSDHolderandSDProp #Value:
42public const PurpleKnightDoc ComputerswitholderOSversions #Value:
43public const PurpleKnightDoc PermissionchangesonAdminSDHolderobject #Value:
44public const PurpleKnightDoc EnterpriseKeyAdminswithfullaccesstodomain #Value:
45public const PurpleKnightDoc Objectswithconstraineddelegationconfigured #Value:
46public const PurpleKnightDoc Kerberosprotocoltransitiondelegationconfigured #Value:
47public const PurpleKnightDoc Computerswithpasswordlastsetover90daysago #Value:
48public const PurpleKnightDoc RecentSIDHistorychangesonobjects #Value:
49public const PurpleKnightDoc ComputerAccountsinPrivilegedGroups #Value:
50public const PurpleKnightDoc Adminswitholdpasswords #Value:
51public const PurpleKnightDoc DomainControllerswitholdpasswords #Value:
52public const PurpleKnightDoc Forestcontainsmorethan50privilegedaccounts #Value:
53public const PurpleKnightDoc PrincipalswithconstraineddelegationusingprotocoltransitionenabledforaDCservice #Value:
54public const PurpleKnightDoc DomainControllerswithResourceBasedConstrainedDelegationRBCDenabled #Value:
55public const PurpleKnightDoc Privilegedaccountswithapasswordthatneverexpires #Value:
56public const PurpleKnightDoc Trustaccountswitholdpasswords #Value:
57public const PurpleKnightDoc DomainControllersininconsistentstate #Value:
58public const PurpleKnightDoc PrincipalswithconstrainedauthenticationdelegationenabledforaDCservice #Value:
59public const PurpleKnightDoc KrbtgtaccountwithResourceBasedConstrainedDelegationRBCDenabled #Value:
60public const PurpleKnightDoc GMSAobjectswitholdpasswords #Value:
61public const PurpleKnightDoc DomainControllersthathavenotauthenticatedtothedomainformorethan45days #Value:
62public const PurpleKnightDoc Useraccountswithpasswordnotrequired #Value:
63public const PurpleKnightDoc UseraccountsthatuseDESencryption #Value:
64public const PurpleKnightDoc Useraccountsthatstorepasswordswithreversibleencryption #Value:
65public const PurpleKnightDoc PrintspoolerserviceisenabledonaDC #Value:
66public const PurpleKnightDoc UsersandcomputerswithoutreadablePGID #Value:
67public const PurpleKnightDoc WriteaccesstoRBCDonDC #Value:
68public const PurpleKnightDoc WriteaccesstoRBCDonkrbtgtaccount #Value:
69public const PurpleKnightDoc Nonstandardschemapermissions #Value:
70public const PurpleKnightDoc ChangestoADDisplaySpecifiersinthepast90days #Value:
71public const PurpleKnightDoc NonprivilegeduserswithaccesstogMSApasswords #Value:
72public const PurpleKnightDoc GMSAnotinuse #Value:
73public const PurpleKnightDoc UnsecuredDNSconfiguration #Value:
74public const PurpleKnightDoc Weakcertificatecipher #Value:
75public const PurpleKnightDoc Domaintrusttoathirdpartydomainwithoutquarantine #Value:
76public const PurpleKnightDoc OutboundforesttrustwithSIDHistoryenabled #Value:
77public const PurpleKnightDoc UserswithpermissionstosetServerTrustAccount #Value:
78public const PurpleKnightDoc Dangerouscontrolpathsexposecertificatetemplates #Value:
79public const PurpleKnightDoc Dangerouscontrolpathsexposecertificatecontainers #Value:
80public const PurpleKnightDoc NondefaultaccesstoDPAPIkey #Value:
81public const PurpleKnightDoc ReportsuspiciousMFAactivitydisabled #Value:
82public const PurpleKnightDoc ADCertificateAuthoritywithWebEnrollmentESC8 #Value:
83public const PurpleKnightDoc PrivilegedUserswithWeakPasswordPolicy #Value:
84public const PurpleKnightDoc NTFRSSYSVOLReplication #Value:
85public const PurpleKnightDoc AbnormalPasswordRefresh #Value:
86public const PurpleKnightDoc AccountswithConstrainedDelegationconfiguredtokrbtgt #Value:
87public const PurpleKnightDoc AccountswithConstrainedDelegationconfiguredtoghostSPN #Value:
88public const PurpleKnightDoc SYSVOLExecutableChanges #Value:
89public const PurpleKnightDoc AccountswithaltSecurityIdentitiesconfigured #Value:
90public const PurpleKnightDoc FGPPnotappliedtoGlobalgroup #Value:
91public const PurpleKnightDoc ChangestoPreWindows2000CompatibleAccessGroupmembership #Value:
92public const PurpleKnightDoc NonsyncedEntrauserthatiseligibleforaprivilegedrole #Value:
93public const PurpleKnightDoc InheritanceenabledonAdminSDHolderobject #Value:
94public const PurpleKnightDoc DangerousTrustAttributeSet #Value:
95public const PurpleKnightDoc EphemeralAdmins #Value:
96public const PurpleKnightDoc Guestaccountsthatwereinactiveformorethan30days #Value:
97public const PurpleKnightDoc SuspiciousDirectorySynchronizationAccountsrolemember #Value:
98public const PurpleKnightDoc ResourceBasedConstrainedDelegationappliedtoAZUREADSSOACCaccount #Value:
99public const PurpleKnightDoc Checkiflegacyauthenticationisallowed #Value:
100public const PurpleKnightDoc Administrativeunitsarenotbeingused #Value:
101public const PurpleKnightDoc Securitydefaultsnotenabled #Value:
102public const PurpleKnightDoc MFAnotconfiguredforprivilegedaccounts #Value:
103public const PurpleKnightDoc Unrestricteduserconsentallowed #Value:
104public const PurpleKnightDoc ConditionalAccessPolicythatdoesnotrequireapasswordchangefromhighriskusers #Value:
105public const PurpleKnightDoc ForeignSecurityPrincipalsinPrivilegedGroup #Value:
106public const PurpleKnightDoc Privilegedgroupcontainsguestaccount #Value:
107public const PurpleKnightDoc Checkforguestshavingpermissiontoinviteotherguests #Value:
108public const PurpleKnightDoc CheckforriskyAPIpermissionsgrantedtoapplicationserviceprincipals #Value:
109public const PurpleKnightDoc CheckforuserswithweakornoMFA #Value:
110public const PurpleKnightDoc SSOcomputeraccountwithpasswordlastsetover90daysago #Value:
111public const PurpleKnightDoc ConditionalAccessPolicydoesnotrequireMFAonprivilegedaccounts #Value:
112public const PurpleKnightDoc EntraConnectsyncaccountpasswordreset #Value:
113public const PurpleKnightDoc ConditionalAccesspoliciesthatcontainMFATrustedIPs #Value:
114public const PurpleKnightDoc GlobalAdministratorsthatsignedinduringthelast14days #Value:
115public const PurpleKnightDoc PrivilegedusercredentialscachedonRODC #Value:
116public const PurpleKnightDoc ConditionalAccessPolicythatdisableadmintokenpersistence #Value:
117public const PurpleKnightDoc Smartcardpasswordrotationdisabled #Value:
118public const PurpleKnightDoc OperatorsGroupsthatarenotempty #Value:
119public const PurpleKnightDoc RC4orDESencryptiontypearesupportedbyDomainControllers #Value:
120public const PurpleKnightDoc PrimaryuserswithSPNnotsupportingAESencryptiononKerberos #Value:
121public const PurpleKnightDoc LDAPsigningisnotrequiredonDomainControllers #Value:
122public const PurpleKnightDoc SMBSigningisnotrequiredonDomainControllers #Value:
123public const PurpleKnightDoc SMBv1isenabledonDomainControllers #Value:
124public const PurpleKnightDoc Certificatetemplateswith3ormoreinsecureconfigurations #Value:
125public const PurpleKnightDoc CertificatetemplatesthatallowrequesterstospecifyasubjectAltName #Value:
126public const PurpleKnightDoc EntraIDprivilegedusersthatarealsoprivilegedinAD #Value:
127public const PurpleKnightDoc Nonadminuserscanregistercustomapplications #Value:
128public const PurpleKnightDoc Guestusersarenotrestricted #Value:
129public const PurpleKnightDoc ADprivilegedusersthataresyncedtoEntraID #Value:
130public const PurpleKnightDoc Morethan5GlobalAdministratorsexist #Value:
131public const PurpleKnightDoc Guestinvitesnotacceptedinlast30day #Value:
132public const PurpleKnightDoc ConditionalAccesspolicywithContinuousAccessEvaluationdisabled #Value:
133public const PurpleKnightDoc Userscancreatesecuritygroups #Value:
134public const PurpleKnightDoc ConditionalAccesspoliciescontainprivateIPaddresses #Value:
135public const PurpleKnightDoc ConditionalAccessPolicythatdoesnotrequireMFAwhensigninriskhasbeenidentified #Value:
136public const PurpleKnightDoc ObjectswithReanimateTombstonesextendedright #Value:
137public const PurpleKnightDoc GPOWeakLMHashstorageenabled #Value:
138public const PurpleKnightDoc WritableshortcutsfoundinGPO #Value:
139public const PurpleKnightDoc OUpermissionsenablingBadSuccessordMSAescalation #Value:
140public const PurpleKnightDoc Changestounprivilegedgroupmembershipinthelast7days #Value:
141public const PurpleKnightDoc ApplicationnameandgeographiclocationadditionalcontextsaredisabledonMFA #Value:
142public const PurpleKnightDoc Nonadminuserscancreatetenants #Value:
143public const PurpleKnightDoc Usersordevicesinactiveforatleast90days #Value:
144public const PurpleKnightDoc Userconsentisallowedforriskyapplications #Value:
145public const PurpleKnightDoc EnterpriseapplicationsusingSAMLforSSO #Value:
146public const PurpleKnightDoc MFAbombingattackoccurredinthepastday #Value:
147public const PurpleKnightDoc QuerypoliciesthathavetheattributeofLDAPdenylistset #Value:
148public const PurpleKnightDoc ListofRiskyusersmediumorhighlevel #Value:
149public const PurpleKnightDoc Morethan10PrivilegedAdministratorsexist #Value:
150public const PurpleKnightDoc Privilegedaccountswithmailbox #Value:
151public const PurpleKnightDoc Lessthan2GlobalAdministratorsexist #Value:
152public const PurpleKnightDoc Applicationinstancepropertylockdisabled #Value:
153public const PurpleKnightDoc Unprivilegedownerofaprivilegedgroup #Value:
154public const PurpleKnightDoc ProhibitedEntraIDRolesAssigned #Value:
155public const PurpleKnightDoc Selfservicepasswordresetenabledforprivilegedroles #Value:
156public const PurpleKnightDoc EnsureallnonprivilegeduserscancompleteMFA #Value:
157public const PurpleKnightDoc PermanentActivePrivilegedRoleAssignment #Value:
158public const PurpleKnightDoc EntracustomRoleswithriskypermissions #Value:
160public const PurpleKnightDoc DetectMFApolicychangesforgroupsandusers #Value:
161public const PurpleKnightDoc Passwordhashsynchronizationisnotenabled #Value:
162public const PurpleKnightDoc CertificateBasedAuthenticationPersistence #Value:
163public const PurpleKnightDoc UseraccountsusingSmartCardauthenticationwitholdpassword #Value:
164public const PurpleKnightDoc UnresolvedEntraIDprivilegedrolemembers #Value:
165public const PurpleKnightDoc Usersarenotusingtheirprivilegedroles #Value:
166public const PurpleKnightDoc Newpermissionhasbeengrantedtoagroup #Value:
167public const PurpleKnightDoc Newpermissionhasbeengrantedtoauser #Value:
168public const PurpleKnightDoc DangeroususerrightsgrantedbyGPO #Value:
169public const PurpleKnightDoc NewAPItokenwascreated #Value:
170public const PurpleKnightDoc DangerousGPOlogonscriptpath #Value:
171public const PurpleKnightDoc NewSuperAdminpermissionhasbeengrantedtoauser #Value:
172public const PurpleKnightDoc NewSuperAdminpermissionhasbeengrantedtoagroup #Value:
173public const PurpleKnightDoc Useractivationinthelast7days #Value:
174public const PurpleKnightDoc Userdeactivationinthelast7days #Value:
175public const PurpleKnightDoc UserswithoutMultiFactorAuthenticationMFA #Value:
176public const PurpleKnightDoc Passwordpolicycheck #Value:
177public const PurpleKnightDoc Highprivilegedcustomroles #Value:
178public const PurpleKnightDoc UnexpectedaccountsinCertPublishersGroup #Value:
179public const PurpleKnightDoc Applicationexpiredsecretsandcertificates #Value:
180public const PurpleKnightDoc GPOwithScheduledTasksconfigured #Value:
181public const PurpleKnightDoc FIDO2Attestationisnotenforced #Value:
182public const PurpleKnightDoc UserswiththeattributeuserPasswordset #Value:
183public const PurpleKnightDoc ShadowCredentialsonprivilegedobjects #Value:
184public const PurpleKnightDoc DistributedCOMUsersgrouporPerformanceLogUsersgrouparenotempty #Value:
185public const PurpleKnightDoc SuspiciouscredentialsonMicrosoftserviceprincipals #Value:
186