I get a medium warning re a user (synced to AAD) on an AAD joined Windows 10 computer accessing KRBTGT on a domain controller. The user and the computer match (that is it's the users computer). It has happened once a few days ago - not before nor after.
Everything looks quite normal except the encryption downgrade warning. Can this be a false positive or should I look into it more closely?
