v0.3.2

This release adds new debug checks for storage accounts configured for Entra Kerberos:

• CheckEntraJoinType: checks the type of Entra domain join (hybrid Entra joined or Entra joined) required for Entra Kerberos.
• CheckFiddlerProxy: checks if Fiddler has left behind an HTTPS proxy that captures traffic and prevents Kerberos traffic from getting to the Entra KDC.

Additionally, this release fixes some bugs in the debug command:

• Fixes a bug in the AD DS debug command's CheckAadKerberosRegistryKeyIsOff check. The check was only detecting if the CloudKerberosTicketRetrievalEnabled setting was disabled via reg key, and not whether it was also disabled via Intune or GPO. It now checks all three.
• Reduces noisy output on PowerShell 5 when registry keys are not found.

v0.3.1

This release adds new debug checks for storage accounts configured for Entra Kerberos:

• CheckWinHttpAutoProxySvc: Checks for the WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) that is required for Microsoft Entra Kerberos authentication.
• CheckIpHlpScv: Checks for IP Helper service (iphlpsvc) that is required for Microsoft Entra Kerberos authentication.

v0.3.0

Release v0.3.0:

This release adds new debug checks for storage accounts configured for Entra Kerberos. The debug cmdlet now automatically detects whether the storage account is configured for AD DS or Entra, and runs the relevant set of checks.

v0.2.9

Release v0.2.9:

1. A new Debug cmdlet that checks if the AAD Kerb registration key is enabled for AD DS which could cause Kerberos issues.
2. A fix for a bug where Kerberos key rotation is not forced, now ensuring that key rotation occurs as intended.
3. Removal of an unused parameter in the Join cmdlet, no longer needed because we are using AES256 as the default encryption type.

v0.2.8

Release v0.2.8:
Migrate from AAD Graph to Microsoft Graph.

v0.2.7

Release v0.2.7:

1. Fix a bug in the checks for whether the configured authentication method on the storage account should allow the operation
2. Fix the logged account names in error messages

v0.2.6

Release v0.2.6:

1. Fix a bug in Debug-AzStorageAccountAuth
2. Change the error message when the user is not using AD.

v0.2.5

Release v0.2.5:

1. Support AES256 encryption type for user accounts.
2. Made AES256 the default encryption type when joining a storage account.
3. Bug fixes
4. Add new checks to Debug-AzStorageAccountAuth.

v0.2.4

Release v0.2.4:

1. Support AES256 encription type for computer accounts with name length longer than 15 characters.

v0.2.3

1. Added a new cmdlet "Move-OnPremSharePermissionsToAzureFileShare" to help migrate local share permissions to Azure RBAC's built-in roles for files.
2. Added two new checks "CheckUserRbacAssignment" and "CheckUserFileAccess" to cmdlet Debug-AzStorageAccountAuth to help diagnose access issues around share RBAC and file ACL configurations.
3. Fixed a bug in cmdlet Test-AzStorageAccountADObjectPasswordIsKerbKey.