Pavel Rozenberg

My feedback

  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    Pavel Rozenberg shared this idea  · 
  2. 62 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    Pavel Rozenberg commented  · 

    I agree! This is totally unacceptable for many organizations that are taking security seriously.
    It is also very strange that Microsoft would release a security note and documentation alerting security teams of this protocol vulnerabilities and mitigation, but then implement it in a modern solution.
    Here's a link to their docs page and KB explaining RC4 vulnerability and mitigation:
    https://docs.microsoft.com/en-us/windows-server/security/kerberos/preventing-kerberos-change-password-that-uses-rc4-secret-keys
    https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
    https://docs.microsoft.com/en-us/security-updates/securityadvisories/2016/2871997

    Pavel Rozenberg supported this idea  · 
  3. 15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  (General Feedback) » Availability  ·  Flag idea as inappropriate…  ·  Admin →
    Pavel Rozenberg supported this idea  · 

Feedback and Knowledge Base