Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Samuel Leslie

My feedback

  1. 114 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Samuel Leslie commented  · 

    This appears to be done, although it's unfortunate no-one at Microsoft has taken the time to let everyone who requested this feature know by updating this feature request. Now we just need the automatic key rollover: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/33773926-automate-seamless-sso-kerberos-decryption-key-roll

    An error occurred while saving the comment
    Samuel Leslie commented  · 

    This is an absolute showstopper for us w.r.t. usage of this feature and we'd really like to hear from any engineers who can provide some insight as to why such an old algorithm was chosen as the sole supported cipher for Seamless SSO.

    The best practice has been to disable RC4_HMAC_MD5 for well over a decade, alongside the similarly obsolete DES_CBC_CRC and DES_CBC_MD5 algorithms. The AES encryption types have been supported since Windows Server 2008 and Windows Vista, so backwards compatibility shouldn't be a significant concern here?

    Granted, the Kerberos ticket transmitted by clients for Seamless SSO is as far as I'm aware only ever sent over HTTPS, which should be using modern and far stronger encryption, but enabling support for RC4_HMAC_MD5 has to effectively be done domain-wide. That obviously opens up numerous risks in now allowing such an old encryption algorithm to be used by any Kerberos clients on the given domain.

    Samuel Leslie supported this idea  · 
  2. 17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Samuel Leslie shared this idea  · 
  3. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
    Samuel Leslie shared this idea  · 
  4. 109 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re aware of an issue that can cause this error to be logged when the Update Assessment solution is installed.
    You can check if this is what you’re seeing my temporarily removing the Update Assessment solution and confirming the errors stop.

    The Update Assessment solution functionality is not affected and you can safely ignore this error.

    An error occurred while saving the comment
    Samuel Leslie commented  · 

    Frustrating to see that almost 3 years from this issue being "Planned" it's still unfixed. Yes, it's benign as far as functionality goes, but it adds a substantial amount of noise to the system event logs and the error events being generated are easily mistaken for genuine issues which need to be rectified.

    An error occurred while saving the comment
    Samuel Leslie commented  · 

    Can we please get an update on this? While the issue is "harmless" it results in dozens of error events on managed servers, often in a single day. This makes identifying genuine issues more difficult during analysis of Event Logs, and also requires additional filtering when forwarding logs to a server.

    Samuel Leslie supported this idea  · 
  5. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Samuel Leslie shared this idea  · 
  6. 8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Samuel Leslie shared this idea  · 
  7. 188 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Change Tracking  ·  Flag idea as inappropriate…  ·  Admin →
    Samuel Leslie supported this idea  · 
  8. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Update Management » Deployments  ·  Flag idea as inappropriate…  ·  Admin →
    Samuel Leslie shared this idea  · 
  9. 837 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    128 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    Hi everyone,
    Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
    Thanks for your patience!

    Jairo Cadena
    Principal Program Manager
    Microsoft Identity

    Samuel Leslie supported this idea  · 
  10. 6,058 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    271 comments  ·  Networking » DNS  ·  Flag idea as inappropriate…  ·  Admin →
    Samuel Leslie supported this idea  · 
  11. 1,965 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    176 comments  ·  Signup and Billing  ·  Flag idea as inappropriate…  ·  Admin →

    Hey folks, sorry for the late update. Some backend changes were made to alleviate this issue but I believe it doesn’t solve it for everyone yet. Let me go get some details and come back with a better update. Thanks!

    John

    Samuel Leslie supported this idea  · 

Feedback and Knowledge Base