Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Principal Program Manager
[Deleted User] commented
4-6 months or more :)
do you have a new date for this feature?
Status please? Need this ASAP.
What is the status of this feature?
This is obviously taking longer than expected to implement (which is fine, I'd rather all the kinks ironed out before production), but can I sign up for some sort of email notification instead of me checking this thread every day?
Matt Hayes commented
Swaroop/Microsoft, any update on this?
Adding a comment to get updates to this thread.
Hi still plans for this to come out this summer?
Do you have any update on this? We're now at the end of April.
Is there any update on this feature?
Adding a comment to get updates to this thread...
Thanks for working on this feature to make this smoother!
Hello???? Did MS leave the room?
Gill Bates commented
CHIRP CHIRP CHIRP?
Any news - this seems like a major deficiency
Matt Hayes commented
Any update on the availability of this?
Folks, I am sorry about the 'radio silence'. We left this open with no update for too long without communication. I sincerely apologize for this oversight.
We made some significant changes to our plans in this area and Automation of Seamless SSO Kerberos decryption key rollover is now targeted for this summer. We will do an update to this thread in early April to update on our progress and get more specific on the date if possible.
Can we please get an update on this one?
David Meatty commented
Still nothing? I've found ways to do it with a Powershell scheduled task using an encrypted file to hold the password but it sill requires a service account with global admin on my tenant. Doing that with an account that has a non-expiring password is not something I want to do.
Patrick Alphonso commented
Q1 2019 now, radio silence from MS on this. Any update???
Already 2019, any update on this?
Any update on this?