Semperis
Capability scores
Methodology →- Authentication
- 2.5
- SSO & Federation
- 2.5
- Authorization
- 4.0
- Lifecycle & Provisioning
- 2.5
- MFA & Passwordless
- 2.0
- Governance & Audit
- 4.5
- Developer Experience
- 3.0
- Deployment Flexibility
- 4.0
- Pricing Transparency
- 2.5
- Support & Ecosystem
- 4.0
Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.
Overview
Semperis specializes in protecting and recovering Active Directory and Entra ID, which it treats as the identity tier zero that ransomware and nation-state actors target first. Its portfolio spans exposure monitoring, attack detection, and the part most vendors ignore: automated, malware-free forest recovery.
Capability deep-dive
Semperis is strongest where AD is the crown jewel. Directory Services Protector continuously scans for risky configurations and indicators of compromise, rolls back unwanted changes, and detects attacks that bypass the security log. Active Directory Forest Recovery is the differentiator, automating a notoriously painful and error-prone process so you can rebuild a clean directory after a breach. Governance and audit visibility into the directory are excellent. The limits are scope-driven: this is a Microsoft-directory specialist, not a general-purpose ITDR for every identity provider, and it is not an authentication or MFA product. If AD is not central to you, the value drops sharply.
Pricing
Quote-based and not published. Pricing typically scales with the number of objects or users in the protected directories. Expect a sales-led process and annual contracts.
Bottom line
The pick for organizations that consider AD and Entra ID mission-critical and want both detection and proven recovery, not a general multi-IdP ITDR tool.