Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently, to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC, we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We are currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.

Hi everyone,
Thanks for your interest in this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have in the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Jairo Cadena
Principal Program Manager
Microsoft Identity
118 comments
-
Alexander Rieder commented
What is the ETA for this?
-
Raphael Eymann commented
Any Update? This is getting Embarrassing....
-
ליאור פרומט commented
Any update on this?
-
Diego commented
When will this feature be available? Changing something every month as a routine job is a bit annoying.
-
Anonymous commented
+1
-
Anonymous commented
Bueller?
-
Jaans commented
Hi AD Team,
So what is the new timeline? Do you need more time to figure out the new timeline?
Would have thought 2.5 years is plenty to figure this out.
@Community, what are your best suggestions for workarounds?
-
Heinz commented
If it's highly recommended every 30 days, an automated solution should be provided!
Any news from the Azure AD Team timeline?
-
Dwayne Hiers commented
Would be a very useful feature. Keep us posted!
-
Jim Fischer commented
Does Microsoft offer an automated workaround for this?
-
Stefan Redlin commented
Any update on this?
-
Brian commented
Any update on this!? It's been over a year since the last update.
-
Björn Bengtsson commented
Please prioritize this!
Cheers
-
Gregory Mund commented
WOW, almost a year and a half and no update on this? C'mon Man!! This should have been automated out of the gate, not an afterthought. If you aren't going to actually work on this maybe you should change the status from Started to Stalled.
-
Neut, Erik van der commented
Found a post leading to this, hoping it was a better solution than community PowerShell scripts, but no.... Voted
-
Brenton Crosby commented
Would like to see some action on this, as long as the Azure AD Connect client is auto-updating this feature should be able to be rolled out to everyone who has that in place.
-
[Deleted User] commented
Is there any progress on this one? :) Still waiting
-
Joar Borgli commented
Hello WE NEEDED THIS 2 years ago already soon 3!
-
Michael commented
What is happening with this? In mid 2018 it was going to be 4-6 months away.. can you please provide an update to advise why this is taking so long? It seems it should be a fairly simple functionality improvement that impacts most, if not all of your customers on Azure AD.
-
Marco commented
Any progress?