AWS Managed Microsoft AD now supports Kerberos Encryption audit event logs
Amazon Web Services has enhanced its Managed Microsoft Active Directory service with new Kerberos encryption audit logging capabilities. The feature allows organizations to forward Kerberos encryption audit event logs (Event IDs 201-209) to Amazon CloudWatch Logs, giving administrators visibility into which Kerberos encryption types their applications and services are using across the environment. Specifically, the logs help IT teams identify resources that still use the older RC4 encryption type versus those using the stronger AES standard.

Organizations enable this by turning on log forwarding in the Network and Security tab of the AWS Directory Service console for their Managed Microsoft AD directory. The resulting visibility supports informed decisions about upgrading legacy clients to AES for a stronger security posture, or keeping RC4 support where compatibility requirements dictate. The feature is now available in all AWS regions that support Managed Microsoft AD, with the exception of the Middle East (UAE) and Middle East (Bahrain) regions. The capability addresses a critical security visibility gap for enterprises managing hybrid Active Directory environments in the cloud.
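As an added example (not AWS's code and not from the announcement), the following Python classifies forwarded Kerberos audit records by encryption type so that clients still obtaining RC4 tickets stand out as migration candidates. The JSON field names and the sample records are constructed assumptions for illustration, not the real schema of the Windows events or of the CloudWatch export; the etype numbers are the standard Kerberos values.

```python
import json
from collections import Counter

# Standard Kerberos etype numbers: AES from RFC 3962, RC4 from RFC 4757.
RC4_ETYPES = {0x17, 0x18}          # rc4-hmac, rc4-hmac-exp
AES_ETYPES = {0x11, 0x12}          # aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
KERBEROS_AUDIT_EVENT_IDS = set(range(201, 210))  # Event IDs 201-209

# Constructed sample of forwarded log records (JSON, one per line). The field
# names and the hex etype encoding are assumptions for this example, not the
# real schema of the Windows events or of the CloudWatch Logs export.
SAMPLE_LOG = """\
{"event_id": 201, "client": "svc-legacy-app$", "service": "krbtgt", "ticket_etype": "0x17"}
{"event_id": 203, "client": "alice", "service": "cifs/fileserver01", "ticket_etype": "0x12"}
{"event_id": 205, "client": "svc-legacy-app$", "service": "http/intranet", "ticket_etype": "0x17"}
{"event_id": 203, "client": "bob", "service": "cifs/fileserver01", "ticket_etype": "0x11"}
{"event_id": 4768, "client": "carol", "service": "krbtgt", "ticket_etype": "0x12"}
{"event_id": 207, "client": "printer-ctl", "service": "ldap/dc01", "ticket_etype": "0x03"}
"""

def classify_etype(etype: int) -> str:
    """Map a Kerberos etype number to the family an administrator cares about."""
    if etype in RC4_ETYPES:
        return "rc4"
    if etype in AES_ETYPES:
        return "aes"
    return "other"   # e.g. legacy DES etypes, which are neither RC4 nor AES

def summarize_kerberos_audit(log_text: str) -> dict:
    """Count events per client per encryption family, using only Event IDs 201-209."""
    by_family = {"rc4": Counter(), "aes": Counter(), "other": Counter()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_id") not in KERBEROS_AUDIT_EVENT_IDS:
            continue  # other Windows events are not part of this audit set
        etype = int(rec["ticket_etype"], 16)
        by_family[classify_etype(etype)][rec["client"]] += 1
    return by_family

def rc4_clients(log_text: str) -> list:
    """Clients still requesting RC4 tickets, most frequent first (migration candidates)."""
    return [c for c, _ in summarize_kerberos_audit(log_text)["rc4"].most_common()]

if __name__ == "__main__":
    for family, counts in summarize_kerberos_audit(SAMPLE_LOG).items():
        print(family, dict(counts))
    print("RC4 migration candidates:", rc4_clients(SAMPLE_LOG))
```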
Why It Matters
This enhancement addresses a significant security monitoring gap for enterprises using AWS Managed Microsoft AD. RC4 encryption is considered cryptographically weak and deprecated by Microsoft, making it a target for attackers. By providing audit visibility into Kerberos encryption usage, AWS enables organizations to systematically identify and remediate legacy authentication protocols, supporting broader zero-trust security initiatives and compliance requirements.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.