As an outsider it seems like MS has been much more proactive at moving away from insecure crypto in other places. For example, there was a while where every Windows release would disable some old insecure part of the SMB/CIFS protocol by default while still allowing it to be enabled for backwards compatibility if necessary.

Are they doing the same for AD? From the article it sounds like it falls back to RC4 automatically out of the box. That is something they should have started migrating away from at least a decade ago - gradually, with options for backwards compatibility to support their customers - but the fact that it is enabled by default in 2025 seems insane.