Microsoft to Kill RC4 in Kerberos by 2026
bankinfosecurity
Kerberos Overhaul Will Disable RC4 by Default in Windows
Chris Riotta (@chrisriotta) • December 16, 2025

Microsoft is officially moving to shut the door on RC4 - a legacy cryptographic cipher that has quietly persisted inside Windows authentication environments for decades - and forcing organizations to finally reckon with outdated security decisions embedded into modern identity systems.
The tech giant recently announced plans to disable RC4 by default in Windows Kerberos, a change that will directly impact how domain controllers authenticate users and services across enterprise and government networks. The update is expected to roll out in stages, according to Microsoft, giving operators time to identify and remediate their lingering dependencies.
By mid-2026, Microsoft will update default settings for the Kerberos key distribution center on Windows Server 2008 and later to allow only stronger AES-SHA1 encryption, wrote Matthew Palko, a ...
Copyright of this story solely belongs to bankinfosecurity.

