Policy

Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon

This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Ticket during logon. If you disable or do not configure this policy setting, the Azure AD Kerberos Ticket Granting Ticket is not retrieved during logon. If you enable this policy setting, the Azure AD Kerberos Ticket Granting Ticket is retrieved during logon.

Policy
Pack Microsoft Windows
Category System / Kerberos
Policy ID b104ad7067af
Internal name CloudKerberosTicketRetrievalEnabled

Registry

Copy registry mappings

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\CloudKerberosTicketRetrievalEnabled (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\CloudKerberosTicketRetrievalEnabled (disabled) = 0

Policy notes

This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Ticket during logon. If you disable or do not configure this policy setting, the Azure AD Kerberos Ticket Granting Ticket is not retrieved during logon. If you enable this policy setting, the Azure AD Kerberos Ticket Granting Ticket is retrieved during logon.

Related policies

Always send compound authentication firstConfigure hash algorithms for certificate logonDefine host name-to-Kerberos realm mappingsDefine interoperable Kerberos V5 realm settingsDisable revocation checking for the SSL certificate of KDC proxy serversEnable Delegated Managed Service Account logonsFail authentication requests when Kerberos armoring is not available