Remediating - Stop Weak Cipher Usage

Occasional Contributor
Description
Weak ciphers need to be disabled because they are susceptible to cracking and reduce the overall security posture of the organization. With this security assessment, Microsoft Defender for Identity detects network activities that are using weak ciphers as a misconfiguration or as a deliberate security downgrade.
 
Under Exposed Identities it shows Protocol Kerberos and Cipher Rc4HMac.
 
Attempted resolution:
In AD - set "This account supports Kerberos AES 256 bit encryption". (and turned on 128 bit)
 
It has been several days and the vulnerability is not clearing for any accounts.
 
I also applied a GPO to all workstations:
Policy Setting
Network security: Configure encryption types allowed for KerberosEnabled
DES_CBC_CRCDisabled
DES_CBC_MD5Disabled
RC4_HMAC_MD5Disabled
AES128_HMAC_SHA1Enabled
AES256_HMAC_SHA1Enabled
Future encryption typesEnabled
 
Any other suggestions?
1 Reply

@JG-Burke 

Hi, if you are certain that the AES configuration for the affected account are correct but it does not disappear from the improvement action list of exposed entities, please open a support case so we can troubleshoot properly.

 

Thanks, Or Tsemah