How can we improve Azure Active Directory?

← Azure Active Directory

Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

This is obviously not ideal. We currently having to perform the rollover task manually each month.

Please look at how this process could be improved for automation.

171 votes

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

NL shared this idea · Mar 27, 2018 · Flag idea as inappropriate… · Admin →

started ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · Jul 18, 2018

We are currently working on an approach that will allow Tenant Admins to do key rollover from the Azure AD portal; without the need for PowerShell or scripting. This will be released within the next 4-6 months. Subsequently, we will release an update that will perform key rollover automatically every 30 days

Swaroop

Show previous admin responses (1)

30 comments

Add a comment…

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Mike commented · April 23, 2019 6:56 AM · Flag as inappropriate

Hi,

Do you have any update on this? We're now at the end of April.
Mike commented · April 9, 2019 7:43 AM · Flag as inappropriate

Is there any update on this feature?
Anonymous commented · April 3, 2019 10:25 AM · Flag as inappropriate

Adding a comment to get updates to this thread...
Thanks for working on this feature to make this smoother!
Patrick Elischer commented · March 26, 2019 3:23 AM · Flag as inappropriate

before commenting this post, you should read the comments first.
MS wrote(05. Februar 2019) : "We will do an update to this thread in early April to update on our progress and get more specific on the date if possible."

it isn't april yet, is it?
Neil commented · March 26, 2019 2:59 AM · Flag as inappropriate

Hello???? Did MS leave the room?
Gill Bates commented · March 22, 2019 11:44 AM · Flag as inappropriate

CHIRP CHIRP CHIRP?
AlexSamad commented · March 5, 2019 6:05 PM · Flag as inappropriate

Any news - this seems like a major deficiency
Matt commented · March 1, 2019 1:01 PM · Flag as inappropriate

Any update on the availability of this?
AdminAzure AD Team (Product Owner, Microsoft Azure) commented · February 4, 2019 3:06 PM · Flag as inappropriate

Folks, I am sorry about the 'radio silence'. We left this open with no update for too long without communication. I sincerely apologize for this oversight.

We made some significant changes to our plans in this area and Automation of Seamless SSO Kerberos decryption key rollover is now targeted for this summer. We will do an update to this thread in early April to update on our progress and get more specific on the date if possible.

Keith
NL commented · February 3, 2019 3:10 PM · Flag as inappropriate

Can we please get an update on this one?
David Meatty commented · January 18, 2019 9:53 AM · Flag as inappropriate

Still nothing? I've found ways to do it with a Powershell scheduled task using an encrypted file to hold the password but it sill requires a service account with global admin on my tenant. Doing that with an account that has a non-expiring password is not something I want to do.
Patrick Alphonso commented · January 18, 2019 8:24 AM · Flag as inappropriate

Q1 2019 now, radio silence from MS on this. Any update???
Anonymous commented · January 9, 2019 12:26 AM · Flag as inappropriate

Already 2019, any update on this?
Lee commented · December 31, 2018 2:53 AM · Flag as inappropriate

Any update on this?
D. van Boven commented · December 27, 2018 6:52 AM · Flag as inappropriate

Is there any news regarding the Kerberos rollover?
Josef Micka commented · December 17, 2018 12:50 AM · Flag as inappropriate

I also want to know what is that of this feature.
Admin cannot every month manually roll over keys for all Azure connected domains, and storing credentials into scripts breaks security.

If you want people to migrate to azure, you should not only provide seamless experience for end users, but also for administrators.
MCS UK Infra commented · December 14, 2018 9:11 AM · Flag as inappropriate

is there any news on the kerberos rollover its getting tedious when it could ideally be automated
Anonymous commented · December 14, 2018 9:05 AM · Flag as inappropriate

Hi Azure AD Team,

Any update on this?
Patrick Elischer commented · December 7, 2018 1:30 AM · Flag as inappropriate

push, would be important..
Brenton Crosby commented · November 25, 2018 9:14 PM · Flag as inappropriate

Looking for an update on this please Azure AD Team!

← Previous 1 2 Next →

Azure Active Directory: Azure AD Connect

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,545 ideas
- Additional Services 235 ideas
- Analytics Platform System 10 ideas
- API Apps 3 ideas
- API Management 387 ideas
- Application Insights 505 ideas
- Automation 410 ideas
- Azure Active Directory 2,951 ideas
- Azure Active Directory Application Requests 199 ideas
- Azure Advisor 12 ideas
- Azure Alert Management 60 ideas
- Azure Analysis Services 125 ideas
- Azure API for FHIR 0 ideas
- Azure App Configuration 5 ideas
- Azure Backup 371 ideas
- Azure Bot Service 52 ideas
- Azure Cloud Shell 248 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 72 ideas
- Azure Container Registry 45 ideas
- Azure Cosmos DB 263 ideas
- Azure CycleCloud 0 ideas
- Azure Data Explorer 31 ideas
- Azure Database for MariaDB 9 ideas
- Azure Database for MySQL 52 ideas
- Azure Database for PostgreSQL 84 ideas
- Azure Database Migration Service 27 ideas
- Azure Databricks 45 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 14 ideas
- Azure Event Grid 40 ideas
- Azure Functions 132 ideas
- Azure Governance 56 ideas
- Azure Government 67 ideas
- Azure IoT 225 ideas
- Azure IoT Central 58 ideas
- Azure IoT Device Catalog 8 ideas
- Azure IoT Edge 54 ideas
- Azure IoT Solution Accelerators 20 ideas
- Azure Key Vault 84 ideas
- Azure Kubernetes Service (AKS) 110 ideas
- Azure Management Groups 12 ideas
- Azure Maps 35 ideas
- Azure Marketplace 371 ideas
- Azure Media Services 245 ideas
- Azure Migrate 28 ideas
- Azure mobile app 198 ideas
- Azure Monitor 66 ideas
- Azure Pack 306 ideas
- Azure portal 1,767 ideas
- Azure Resource Manager 372 ideas
- Azure Search 207 ideas
- Azure Security Center 150 ideas
- Azure Sentinel 11 ideas
- Azure Service Health 13 ideas
- Azure SignalR Service 7 ideas
- Azure Spatial Anchors 9 ideas
- Azure Sphere 39 ideas
- Azure Stack 134 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 3 ideas
- Batch 36 ideas
- Batch AI 8 ideas
- Biztalk Services 23 ideas
- Blockchain 36 ideas
- Cache 44 ideas
- CDN 83 ideas
- Cloud Services (Web and Worker Role) 274 ideas
- Cost Management 159 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 0 ideas
- Data Catalog 108 ideas
- Data Factory 629 ideas
- Data Lake 332 ideas
- Data Science VM 18 ideas
- Diagnostics and Monitoring 179 ideas
- Event Hubs 14 ideas
- Global Infrastructure 32 ideas
- HDInsight 120 ideas
- Lab Services 221 ideas
- Log Analytics 852 ideas
- Logic Apps 1,188 ideas
- Machine Learning 438 ideas
- Mobile Engagement 19 ideas
- Networking 666 ideas
- Notification Hubs 35 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 101 ideas
- SDK and Tools 137 ideas
- Security and Compliance 75 ideas
- Service Bus 174 ideas
- Service Fabric 271 ideas
- Signup and Billing 1,219 ideas
- Site Recovery 209 ideas
- SQL Data Sync 66 ideas
- SQL Data Warehouse 231 ideas
- SQL Database 557 ideas
- SQL Managed Instance 60 ideas
- SQL Server 9,145 ideas
- Storage 649 ideas
- StorSimple 46 ideas
- Stream Analytics 224 ideas
- Support Feedback 247 ideas
- System Center Data Protection Manager 103 ideas
- Update Management 107 ideas
- Virtual Machines 1,366 ideas
- Web Apps 310 ideas
Microsoft Azure