Forum Discussion

Copper Contributor

Mar 14, 2026

Kerberos and the End of RC4: Protocol Hardening and Preparing for CVE‑2026‑20833

CVE-2026-20833 addresses the continued use of the RC4‑HMAC algorithm within the Kerberos protocol in Active Directory environments. Although RC4 has been retained for many years for compatibility wit...

admin

azure

identity and access management

identity protection

identity standards

Log Analytics

microsoft defender for identity

security

threat protection

jdomke1

Copper Contributor

Apr 13, 2026

That's the exact opposite of what I just read. RC4 is gone come July 2026 unless you decide not to patch your DCs.

Elanor92

Microsoft

Apr 21, 2026

Actually no. Theoretically you can set the msDS-SupportedEncryptionTypes to allow RC4 on all the account and have no issue on July, but why leave such a huge vulnerability open?
I'll advice on analyzing the logs and set the attribute msDS-SupportedEncryptionTypes to allow RC4 only temporarily and when really necessary.