Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

This is obviously not ideal. We currently having to perform the rollover task manually each month.

Please look at how this process could be improved for automation.

338 votes

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

NL shared this idea · March 27, 2018 · Flag idea as inappropriate… · Admin →

started ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · August 15, 2019

Hi everyone,
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!

Jairo Cadena
Principal Program Manager
Microsoft Identity

Show previous admin responses (2)

60 comments

Add a comment…

Attach a File

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

ianc commented · November 06, 2019 10:19 · Flag as inappropriate

Microsoft says "La de da! Did someone ask for something?"

Submitting...
Anonymous commented · October 22, 2019 13:06 · Flag as inappropriate

In the mean time, have look at https://www.insentra.com.au/neil-hoffmans-rotating-the-azure-ad-seamless-sso-kerberos-key-manually-part-2-of-2/
(I did not try this myself, so you are on your own), but it uses a regular on prem account (no domain admin) with just the rights on the AZUREADSSOACC computer account) and a global administrator account, because that's what you need (until we can create AAD custom roles?). But the credentials are stored securely using the Azure Automation Credential Assets feature.

Submitting...
Phil commented · October 16, 2019 03:54 · Flag as inappropriate

Voted - this is definitely needed

Submitting...
Joanne commented · October 08, 2019 14:28 · Flag as inappropriate

Hi Jario,

Any updates on the automation?

thanks

Submitting...
Mikey commented · October 08, 2019 02:02 · Flag as inappropriate

Automate Seamless SSO needed feature. When will it be available to the "public"?

Submitting...
Anonymous commented · October 07, 2019 04:05 · Flag as inappropriate

+1 asap please. We shouldn't have to automate it via an unsecured GA account.

Submitting...
Paweł Zieliński commented · September 28, 2019 12:41 · Flag as inappropriate

Vote up
This should be automatic. Most Azure users are not even aware it is a security issue.

Submitting...
Giuseppe commented · September 25, 2019 03:33 · Flag as inappropriate

Any update on this? It is ridiculous that is not automatic!!!!!

Submitting...
PR commented · September 05, 2019 12:23 · Flag as inappropriate

Why no update on this

its seem obvious it must be automatic !

Submitting...
NL commented · August 22, 2019 20:45 · Flag as inappropriate

This seems like a no-brainer, I can't believe 18 months have past since I posted this feedback and it has apparently gone nowhere.

Submitting...
MCS UK Infra commented · August 21, 2019 06:01 · Flag as inappropriate

Please add this, seems like 2 years now since this feature was available and the manual monthly work on this is less than ideal

Submitting...
Jairo Cadena commented · August 15, 2019 11:49 · Flag as inappropriate

Hi everyone,

Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that's how we are looking at it while prioritizing it against other capabilities requests.

Thanks for your patience!

Jairo Cadena
Principal Program Manager
Microsoft Identity

Submitting...
Anonymous commented · August 15, 2019 11:12 · Flag as inappropriate

Update Please!

Submitting...
David van Boven commented · August 14, 2019 03:37 · Flag as inappropriate

Is there any news regarding the Kerberos rollover?

Submitting...
Matt commented · August 13, 2019 12:22 · Flag as inappropriate

Update please.

Submitting...
David Carter commented · August 08, 2019 07:13 · Flag as inappropriate

Update please, Microsoft.

Submitting...
Captain commented · August 07, 2019 16:17 · Flag as inappropriate

How you getting on with that 4-6 months team?

Submitting...
Anonymous commented · August 02, 2019 02:41 · Flag as inappropriate

me too.....

Update please

Submitting...
Anonymous commented · July 29, 2019 04:54 · Flag as inappropriate

Also waiting on an update for this

Submitting...
Max Michels commented · July 18, 2019 02:36 · Flag as inappropriate

Any updates on this feature?

Submitting...