Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Alex Rourke

My feedback

  1. 114 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Alex Rourke commented  · 

    On 10/7/19, Microsoft updated the troubleshooting seamless SSO article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso.

    Before, the section on Kerberos encryption stated: "Seamless SSO uses the RC4_HMAC_MD5 encryption type for Kerberos. Disabling the use of the RC4_HMAC_MD5 encryption type in your Active Directory settings will break Seamless SSO. In your Group Policy Management Editor tool ensure that the policy value for RC4_HMAC_MD5 under Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "Network Security: Configure encryption types allowed for Kerberos" is enabled. In addition, Seamless SSO can't use other encryption types, so ensure that they are disabled."

    Now, it says this: "Seamless SSO supports the AES256_HMAC_SHA1, AES128_HMAC_SHA1 and RC4_HMAC_MD5 encryption types for Kerberos. It is recommended that the encryption type for the AzureADSSOAcc$ account is set to AES256_HMAC_SHA1, or one of the AES types vs. RC4 for added security. The encryption type is stored on the msDS-SupportedEncryptionTypes attribute of the account in your Active Directory. If the AzureADSSOAcc$ account encryption type is set to RC4_HMAC_MD5, and you want to change it to one of the AES encryption types, please make sure that you first roll over the Kerberos decryption key of the AzureADSSOAcc$ account as explained in the FAQ document under the relevant question, otherwise Seamless SSO will not happen."

    So the documentation now suggests that support has been added. Will test and let you all know.

  2. 28 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Active Directory » Devices  ·  Flag idea as inappropriate…  ·  Admin →
    Alex Rourke supported this idea  · 
    An error occurred while saving the comment
    Alex Rourke commented  · 

    They have completely removed Chrome from the list of browsers supported in Server 2016. Not even "Coming Soon" anymore. I just don't understand Microsoft sometimes, they really love to make people's lives needlessly difficult. I'm sure I know their answer - "Use VDI with Windows 10!"

Feedback and Knowledge Base