Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Principal Program Manager
Gill Bates commented
CHIRP CHIRP CHIRP?
Any news - this seems like a major deficiency
Matt Hayes commented
Any update on the availability of this?
Folks, I am sorry about the 'radio silence'. We left this open with no update for too long without communication. I sincerely apologize for this oversight.
We made some significant changes to our plans in this area and Automation of Seamless SSO Kerberos decryption key rollover is now targeted for this summer. We will do an update to this thread in early April to update on our progress and get more specific on the date if possible.
Can we please get an update on this one?
David Meatty commented
Still nothing? I've found ways to do it with a Powershell scheduled task using an encrypted file to hold the password but it sill requires a service account with global admin on my tenant. Doing that with an account that has a non-expiring password is not something I want to do.
Patrick Alphonso commented
Q1 2019 now, radio silence from MS on this. Any update???
Already 2019, any update on this?
Any update on this?
D. van Boven commented
Is there any news regarding the Kerberos rollover?
Josef Micka commented
I also want to know what is that of this feature.
Admin cannot every month manually roll over keys for all Azure connected domains, and storing credentials into scripts breaks security.
If you want people to migrate to azure, you should not only provide seamless experience for end users, but also for administrators.
MCS UK Infra commented
is there any news on the kerberos rollover its getting tedious when it could ideally be automated
Hi Azure AD Team,
Any update on this?
Patrick Elischer commented
push, would be important..
Brenton Crosby commented
Looking for an update on this please Azure AD Team!
Hi, what's the latest update to this, has the key rollover process has been automated via Azure AD Connect or can this be done now via Azure AD portal?
Hi Azure AD Team, we're at the 3 month mark since your last post on this. Are we likely to see this feature in Azure AD portal soon?
Alex Appleton commented
Has this still not been fixed? Having to put Domain Admin credentials into a plain text file in order to automate this is deranged...