With the July 2026 security updates, Microsoft will permanently disable the legacy RC4 encryption algorithm in Kerberos authentication, requiring the use of modern encryption standards such as AES128 and AES256.
I do not anticipate any significant impact on systems that are properly maintained, but I strongly recommend carrying out a proactive assessment to identify any systems that still use the RC4 algorithm.
Potential Risks
Legacy applications, older servers, hardware appliances, or service accounts configured only for RC4 authentication may fail to authenticate after Domain Controllers are updated.
How to Verify Your Environment
Microsoft provides tools to detect accounts and services still using RC4:
Microsoft Learn:Detect and remediate Kerberos RC4 usage
Detail about RC4 usage is stored in the Security Event Logs on Kerberos Key Distribution Centers (KDCs) for Windows Server 2019 and later. RC4 usage in Event Logs was also added to Windows Server 2016 in the January 2025 cumulative update. The following event IDs identify RC4 usage and accounts that are only able to use RC4:
Event ID 4768, which is for the requested Kerberos authentication ticket (TGT).
Event ID 4769, which is for the requested Kerberos service ticket.
Microsoft published these scripts as open source and they're available in Microsoft's Kerberos-Crypto GitHub repository. Alternatively, you can also identify RC4 usage using a security information and event management (SIEM) solution, like Microsoft Sentinel, or built-in Windows forwarding as described in our blog post
Interesting change coming from MS on security but for the better. Hopefully, our systems are maintained, but I will alert our security team to this one. Thanks for sharing it.