Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently, to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC, we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We are currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.
Thanks for your interest in this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have in the feature, and that’s how we are looking at it while prioritizing it against other capability requests.
Thanks for your patience!
Principal Program Manager
What is the go with this? Can't believe it's still in the pipeline? Waiting for what?
Laurent Boisrobert commented
It will be a really secure feature after 3 years of dev :-).
Any ETA?
Dennis Villalobos commented
MARSOLIER Benoit commented
Here is a part of my script I used each month on my AD Connect Server:
$log = "C:\Scripts\SSO-log.txt"
# Start a fresh log; stay quiet if no previous log exists
Remove-Item $log -Force -ErrorAction SilentlyContinue
"Kerberos Key sync`n" | Out-File $log
# Rebuild both credentials from the encrypted password files and their key files
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Domain\$DomainAdmin", (Get-Content $Pwd | ConvertTo-SecureString -Key (Get-Content $VarPath\onprem.key))
$CredCloud = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CloudAdmin, (Get-Content $PwdO365 | ConvertTo-SecureString -Key (Get-Content $VarPath\O365.key))
# Connect to O365
cd 'C:\Program Files\Microsoft Azure Active Directory Connect'
# Load the Seamless SSO cmdlets that ship with Azure AD Connect
Import-Module .\AzureADSSO.psd1
New-AzureADSSOAuthenticationContext -CloudCredentials $CredCloud
# Sync Kerberos decryption key
Update-AzureADSSOForest -OnPremCredentials $Cred
# Record the resulting SSO status in the log
Get-AzureADSSOStatus | ConvertFrom-Json -OutVariable Out
$Out | Out-File $log -Append
Michael Meeks commented
Important enough that I get alerted about it but not important enough for MS to automate.
What is the status on this?
Christian P. Gyssels commented
COME ON MICROSOFT - WE NEED A LITTLE AUTOMATION WITH THIS!!!!
What's the ETA for this?
Any Update? This is getting Embarrassing...
Allan Ha commented
Any updates? Still having to do this manually...
We're still waiting on a status for this... Can you post an update please?
Brian Garcia commented
What a hassle.
David Leppelmeier commented
My luck, we had a monthly reminder set up to manually do this and the reminder expired... so stinking busy no one thought of it without the reminder, until we started having session authentication problems... took three days to figure out this was the cause of our woes.
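A read-only age check for the situation described in the comment above, where a lapsed reminder let the key go stale unnoticed. This is an added example, not part of the thread and not Microsoft tooling; it assumes a rollover resets the AZUREADSSOACC computer account password (so PasswordLastSet marks the last rollover) and default read permissions on that attribute. The function name, the 25-day warning margin and the sample dates are constructed for illustration.

```powershell
# Added example (not from the thread): alert on an ageing Seamless SSO key.
# Needs no domain admin or global admin secret; it only reads one attribute.
function Test-SsoKeyAge {
    param(
        [Parameter(Mandatory)] [datetime] $PasswordLastSet,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeDays  = 30,   # rollover interval cited in this thread
        [int] $WarnAgeDays = 25    # hypothetical early-warning margin
    )
    if ($PasswordLastSet -gt $Now) { throw "PasswordLastSet is in the future; check clock skew." }
    $age = [int][math]::Floor(($Now - $PasswordLastSet).TotalDays)
    $state = if ($age -ge $MaxAgeDays) { 'Overdue' } elseif ($age -ge $WarnAgeDays) { 'DueSoon' } else { 'OK' }
    [pscustomobject]@{
        AgeDays      = $age
        State        = $state
        LastRollover = $PasswordLastSet
        NextDueBy    = $PasswordLastSet.AddDays($MaxAgeDays)
    }
}

# Constructed sample dates (not real data) to exercise the logic offline.
$sampleNow = Get-Date '2024-03-31'
foreach ($d in '2024-03-20', '2024-03-05', '2024-02-10') {
    Test-SsoKeyAge -PasswordLastSet (Get-Date $d) -Now $sampleNow
}

# Live check: runs only where the ActiveDirectory module (RSAT) is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $acct = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet
    if (-not $acct.PasswordLastSet) {
        Write-Warning 'AZUREADSSOACC has no PasswordLastSet value; verify the account.'
        exit 2
    }
    $result = Test-SsoKeyAge -PasswordLastSet $acct.PasswordLastSet
    $result
    if ($result.State -ne 'OK') {
        Write-Warning "Seamless SSO key is $($result.AgeDays) days old ($($result.State))."
        exit 1   # non-zero exit lets a scheduled task or monitor raise the alert
    }
}
```

Run as a daily scheduled task under an ordinary domain account, the non-zero exit code gives a monitoring system something to alert on even when a calendar reminder lapses.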
COME ON MICROSOFT - WE NEED A LITTLE AUTOMATION WITH THIS!!!! I think we've waited long enough for this, let's get a solution!!
Alexander Rieder commented
What is the ETA for this?
Raphael Eymann commented
Any Update? This is getting Embarrassing....
ליאור פרומט commented
Any update on this?
When will this feature be available? Changing something every month as a routine job is a bit annoying.
Hi AD Team,
So what is the new timeline? Do you need more time to figure out the new timeline?
Would have thought 2.5 years is plenty to figure this out.
@Community, what are your best suggestions for workarounds?
If it's highly recommended every 30 days, an automated solution should be provided!
Any news from the Azure AD Team timeline?
Dwayne Hiers commented
Would be a very useful feature. Keep us posted!