The tech giant has spoken out on the phenomenon of Kerberoasting - which takes place when a hacker targets the Kerberos authentication protocol with the intent to steal AD credentials - and is hoping to combat the issue by teaming up with Original Equipment Manufacturers (OEMs), app developers, and others in the ecosystem.
In a blog post, Microsoft said: "Check for ticket requests with unusual Kerberos encryption types. Cyberthreat actors can downgrade Kerberos ticket encryption to RC4 since cracking it is significantly faster. Admins can check the events in the Microsoft Defender XDR and filter the results based on the ticket encryption type to check for weaker encryption type usage."
The tech giant also advised that administrators "should maintain at least a 14-character minimum password".
In a warning, the post added: "Cyberthreat actors can downgrade Kerberos ticket encryption to RC4 since cracking it is significantly faster. Admins can check the events in the Microsoft Defender XDR and filter the results based on the ticket encryption type to check for weaker encryption type usage."