Remediating - Stop Weak Cipher Usage

Occasional Contributor
Weak ciphers need to be disabled because they are susceptible to cracking and reduce the overall security posture of the organization. With this security assessment, Microsoft Defender for Identity detects network activities that are using weak ciphers as a misconfiguration or as a deliberate security downgrade.
Under Exposed Identities it shows Protocol Kerberos and Cipher Rc4HMac.
Attempted resolution:
In AD, set "This account supports Kerberos AES 256 bit encryption" (and turned on 128 bit).
It has been several days and the vulnerability is not clearing for any accounts.
I also applied a GPO to all workstations:
Policy | Setting
Network security: Configure encryption types allowed for Kerberos | Enabled
Future encryption types | Enabled
Any other suggestions?
1 Reply


Hi, if you are certain that the AES configuration for the affected account is correct but it does not disappear from the improvement action list of exposed entities, please open a support case so we can troubleshoot properly.


Thanks, Or Tsemah
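
An added example, not part of the original thread and not Microsoft's code: the account checkboxes and the GPO policy named in the question are stored as bit flags, so exported values can be decoded to see which accounts or policies still permit RC4. The account names and values below are constructed; the bit values are the standard Kerberos encryption-type flags used by the `msDS-SupportedEncryptionTypes` attribute and by the GPO setting.

```python
# Added example: decode Kerberos encryption-type bitmasks and flag weak ciphers.
ETYPE_BITS = {
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
WEAK = 0x01 | 0x02 | 0x04      # DES and RC4
AES = 0x08 | 0x10              # the two "supports Kerberos AES" checkboxes
FUTURE = 0x7FFFFFE0            # "Future encryption types" in the GPO setting

def decode(mask):
    """Return the named encryption types present in a bitmask."""
    return [name for bit, name in ETYPE_BITS.items() if mask & bit]

def assess(mask):
    """Classify one account's msDS-SupportedEncryptionTypes value."""
    if not mask:
        return "unset"                     # no preference stated; DC default applies
    if mask & WEAK and mask & AES:
        return "aes-with-weak-fallback"    # RC4/DES can still be negotiated
    if mask & WEAK:
        return "weak-only"
    if mask & AES:
        return "aes-only"
    return "no-etype-bits"                 # only feature flags are set

def audit(accounts):
    """Map each account name to (classification, decoded types)."""
    return {n: (assess(m), decode(m or 0)) for n, m in accounts.items()}

def gpo_allows_weak(value):
    """True if the GPO's encryption-type value still permits DES or RC4."""
    return bool(value & WEAK)

# Constructed sample: values as they might appear in an AD attribute export.
SAMPLE = {
    "svc-sql": 0x1C,   # RC4 + AES128 + AES256
    "svc-web": 0x18,   # AES128 + AES256 only
    "svc-old": 0x04,   # RC4 only
    "jdoe": None,      # attribute not set
}

if __name__ == "__main__":
    for name, (state, types) in audit(SAMPLE).items():
        print(f"{name:8} {state:24} {', '.join(types) or '-'}")
    print("GPO AES+Future allows weak:", gpo_allows_weak(AES | FUTURE))
```

Accounts reported as `unset`, `weak-only` or `aes-with-weak-fallback` are the ones to review first when the RC4 finding does not clear.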