Forum Discussion
Suspected skeleton key attack (encryption downgrade)
So checking this from MS https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73
Gives me this result?
PS C:\Users\xxxxxxxxx\Downloads\aorato-skeleton-scanner\aorato-skeleton-scanner> C:\Users\xxxxxxxxx\Downloads\aorato-skeleton-scanner\aorato-skeleton-scanner\AoratoSkeletonScan.ps1
Domain Functional Level (DFL) must be at least 2008 to test, current DFL of domain xxxxxxxxx.au is Windows2008R2Domain so the check is valid
xxxxxxxDCS01.xxxxxxx.au DC supports AES as it should.
xxxxxxxDC1.xxxxxxxx.au DC supports AES as it should.
xxxxDCS02.xxxxxxxx.au DC supports AES as it should.
xxxxxxxxxS01.xxxxxxxxx.au DC supports AES as it should.
xxxxxxxDCSS01.xxxxxxxxx.au DC supports AES as it should.
xxxxxxDC2.xxxxxxxxx.au DC supports AES as it should.
xxxxxxxxADSSS02.xxxxxxxxx.au DC supports AES as it should.
xxxxxxxxADSPR01.xxxxxxxxx.au DC supports AES as it should.
checked 8 DCs out of 8 in domain xxxxxxxxx.au. None of the checked DCs were found infected
PS C:\Users\xxxxxxxxx\Downloads\aorato-skeleton-scanner\aorato-skeleton-scanner>
Does this mean this system is clean?
Is this check authoritative?
Because this seems to contradict the details from Azure ATP?
How can I cross-reference the two pieces of information and clear this as either a TP or FP?
Digging a bit deeper in MCAS I have discovered this:
https://portal.cloudappsecurity.com/#/identity-security-posture/weak-ciphers
This shows that we have at least 20 devices using RC4 over Kerberos that are generating over 1,000 activities per month - would it be fair to say that this is quite possibly just due to older systems that need updating?
Thanks,
Dave C
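One way to put numbers behind the "older systems using RC4" question in the post above is to pull the Kerberos TGS events (Security log Event ID 4769) from the domain controllers and group the ones whose TicketEncryptionType is RC4 (0x17 or 0x18) by requesting client. This is an added example, not code from the thread, from the MCAS/MDI weak-ciphers report or from the Aorato scanner; the hostnames, IP addresses and account names in the sample events are constructed, and the live-collection function assumes you have event log read rights on the DCs.

```powershell
# Added example: summarise RC4-over-Kerberos TGS activity per client from
# Event 4769 so it can be compared with the MCAS/MDI "weak ciphers" device list.
# TicketEncryptionType in 4769 is the Kerberos etype of the issued service
# ticket: 0x17 = RC4-HMAC, 0x18 = RC4-HMAC-EXP, 0x11/0x12 = AES128/AES256.

$EtypeNames = @{
    '0x1'        = 'DES-CBC-CRC'
    '0x3'        = 'DES-CBC-MD5'
    '0x11'       = 'AES128-CTS-HMAC-SHA1-96'
    '0x12'       = 'AES256-CTS-HMAC-SHA1-96'
    '0x17'       = 'RC4-HMAC'
    '0x18'       = 'RC4-HMAC-EXP'
    '0xffffffff' = 'Audit failure (no ticket issued)'
}

# Parse the EventData block of a 4769 event into a flat object.
function ConvertFrom-Event4769Xml {
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $data = @{}
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $etype = $data['TicketEncryptionType']
    $etypeName = if ($EtypeNames.ContainsKey($etype)) { $EtypeNames[$etype] } else { 'unknown' }
    [pscustomobject]@{
        Account   = $data['TargetUserName']
        Service   = $data['ServiceName']
        ClientIp  = ($data['IpAddress'] -replace '^::ffff:', '')   # strip IPv4-mapped prefix
        Etype     = $etype
        EtypeName = $etypeName
    }
}

# Group RC4 service-ticket requests by client IP, listing the accounts and
# services involved, most active clients first.
function Get-Rc4KerberosSummary {
    param([Parameter(Mandatory)][object[]]$Events)
    $Events |
        Where-Object { $_.Etype -in @('0x17', '0x18') } |
        Group-Object ClientIp |
        ForEach-Object {
            [pscustomobject]@{
                ClientIp = $_.Name
                Requests = $_.Count
                Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
                Services = ($_.Group.Service | Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object Requests -Descending
}

# Live collection from one DC (assumes remote event log access; adjust -Hours).
function Get-LiveEvent4769 {
    param([Parameter(Mandatory)][string]$Dc, [int]$Hours = 24)
    Get-WinEvent -ComputerName $Dc -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4769
        StartTime = (Get-Date).AddHours(-$Hours)
    } | ForEach-Object { ConvertFrom-Event4769Xml $_.ToXml() }
}

# Constructed sample 4769 events so the script runs offline.
function New-Sample4769Xml {
    param($Account, $Service, $Ip, $Etype)
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4769</EventID></System>
  <EventData>
    <Data Name="TargetUserName">$Account</Data>
    <Data Name="ServiceName">$Service</Data>
    <Data Name="IpAddress">::ffff:$Ip</Data>
    <Data Name="TicketEncryptionType">$Etype</Data>
  </EventData>
</Event>
"@
}

$sample = @(
    (New-Sample4769Xml 'svc_backup@corp.example' 'FILESRV01$'     '10.0.5.21' '0x17'),
    (New-Sample4769Xml 'jsmith@corp.example'     'cifs/FILESRV01' '10.0.7.88' '0x12'),
    (New-Sample4769Xml 'svc_print@corp.example'  'PRINT01$'       '10.0.5.21' '0x17'),
    (New-Sample4769Xml 'legacyapp@corp.example'  'HTTP/app01'     '10.0.9.3'  '0x17')
) | ForEach-Object { ConvertFrom-Event4769Xml $_ }

Get-Rc4KerberosSummary -Events $sample | Format-Table -AutoSize
# To run against a real DC instead:
#   Get-Rc4KerberosSummary -Events (Get-LiveEvent4769 -Dc 'dc01.corp.example') | Format-Table -AutoSize
```

Two caveats when reading the output. The etype of a service ticket is chosen from the keys the target service account holds, so RC4 in 4769 often points at a service account with no AES keys (msDS-SupportedEncryptionTypes unset or RC4-only) rather than at an old client; the client's own capabilities show up in the TGT request (Event 4768) instead. And RC4 usage on its own says nothing about a Skeleton Key implant, which is what the scanner in the post tests for by checking each DC's AES behaviour; the summary is only a way to tie the MCAS device list to concrete accounts and hosts so each one can be explained or remediated.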
David Caddick, can you please tell me where to find aoratoskeletonkey?
I can't find it on https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73
Best Regards
- EliOfek, May 09, 2021, Microsoft
Sadly there is no way to get it any more, unless you can get it from someone who managed to download it when the gallery was alive.
Before the gallery was decommissioned, we only migrated a handful of projects to GitHub, and some with low usage telemetry were left there to vanish.
- Nexmor, May 10, 2021, Copper Contributor
Found it on github
https://github.com/microsoft/MDI-Suspected-Skeleton-Key-Attack-Tool
Seems a legit script to find out if AD is under Skeleton Key malware attack.
- David Caddick, May 17, 2021, Iron Contributor
Sorry, was away on Annual Leave