How can we improve Azure Active Directory?

← Azure Active Directory

Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

This is obviously not ideal. We currently having to perform the rollover task manually each month.

Please look at how this process could be improved for automation.

282 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

NL shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded  · 

Hi everyone,
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!

Jairo Cadena
Principal Program Manager
Microsoft Identity

Show previous admin responses (2)

53 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • PR commented  ·   ·  Flag as inappropriate

    Why no update on this

    its seem obvious it must be automatic !

  • NL commented  ·   ·  Flag as inappropriate

    This seems like a no-brainer, I can't believe 18 months have past since I posted this feedback and it has apparently gone nowhere.

  • MCS UK Infra commented  ·   ·  Flag as inappropriate

    Please add this, seems like 2 years now since this feature was available and the manual monthly work on this is less than ideal

  • Jairo Cadena commented  ·   ·  Flag as inappropriate

    Hi everyone,

    Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that's how we are looking at it while prioritizing it against other capabilities requests.

    Thanks for your patience!

    Jairo Cadena
    Principal Program Manager
    Microsoft Identity

  • Fred Stanley commented  ·   ·  Flag as inappropriate

    It's been a year since the last Admin update on this.

    Can key rollover be done from the Azure AD portal and if so, where exactly is that located?

    Has the automatic key rollover feature already been implemented as an auto-update to Azure AD Connect?

  • Tobias commented  ·   ·  Flag as inappropriate

    It's simple to automate this in Azure Automation with a Hybrid Worker on-prem. Credential is kept safe in Azure and the job can be scheduled. 500 minutes of running time is free every month.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is obviously taking longer than expected to implement (which is fine, I'd rather all the kinks ironed out before production), but can I sign up for some sort of email notification instead of me checking this thread every day?

← Previous 1 3

Azure Active Directory: Azure AD Connect

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice