Security assessment: Weak cipher usage

What are weak ciphers?

Cryptography relies on ciphers to encrypt our data. For example, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4) is one. While RC4 is remarkable for its simplicity and speed, multiple vulnerabilities have been discovered since the original release of RC4, rendering it insecure. RC4 is especially vulnerable when the beginning of the output key stream isn't discarded, or when non-random or related keys are used.

How do I use this security assessment to improve my organizational security posture?

  1. Review the recommended action at for weak cipher usage.

    Review weak cipher usage assessment.

  2. Research why the identified clients and servers are using weak ciphers.

  3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).

  4. To learn more about disabling RC4, see the Microsoft Security Advisory.


This assessment is updated in near real time. The reports show the affected entities from the last 30 days. After that time, entities no longer affected will be removed from the exposed entities list.



Make sure to test the following settings in a controlled environment before enabling them in production.

To remediate weak cipher usage, modify the msDS-SupportedEncryptionTypes AD attribute on the applicable devices and accounts, and remove the weak ciphers based on these bit flags.

After ensuring that devices and accounts are no longer using the weak ciphers, then modify the domain controller security policy to drop the weak ciphers from the Network security: Configure encryption types allowed for Kerberos setting.

Next steps