Forum Discussion

Copper Contributor

Mar 14, 2026

Kerberos and the End of RC4: Protocol Hardening and Preparing for CVE‑2026‑20833

CVE-2026-20833 addresses the continued use of the RC4‑HMAC algorithm within the Kerberos protocol in Active Directory environments. Although RC4 has been retained for many years for compatibility wit...

admin

azure

identity and access management

identity protection

identity standards

Log Analytics

microsoft defender for identity

security

threat protection

aduser

Copper Contributor

Mar 23, 2026

So if we have msDS-SupportedEncryptionTypes attribute set to use RC4 on service accounts, computer accounts, and Domain Controllers it will be no impact even on July 2026?

jdomke1

Copper Contributor

Apr 13, 2026

That's the exact opposite of what I just read. RC4 is gone come July 2026 unless you decide not to patch your DCs.

Elanor92
Microsoft
Apr 21, 2026
Actually no. Theoretically you can set the msDS-SupportedEncryptionTypes to allow RC4 on all the account and have no issue on July, but why leave such a huge vulnerability open?
I'll advice on analyzing the logs and set the attribute msDS-SupportedEncryptionTypes to allow RC4 only temporarily and when really necessary.