Forum Discussion
Recommended to roll over Kerberos decryption key Seamless Sign-on
When I am looking at my Azure AD Connect, I see a notice that it is recommended to roll over the Kerberos decryption key on my on-premise Ad for Seamless sign on. The Microsoft Docs just mentions it...
Jeff Harlow I'm by no means an expert, but I believe rolling over the key is considered a "best practice" from a security perspective. Not rolling over the key shouldn't cause SSO to stop working.
That said...you should do it. It's a simple procedure.