22.214.171.124 AS Exchange
If EnableCBACandArmor is TRUE, the client SHOULD<30> behave as follows:
When sending the AS REQ, add a PA-PAC-OPTIONS  (section 2.2.9) PA-DATA type with the Claims bit set in the AS REQ to request claims authorization data.
When receiving the AS_REP, if the Claims bit is set in PA-SUPPORTED-ENCTYPES , and not set in PA-PAC-OPTIONS , the client SHOULD locate a DS_BEHAVIOR_WIN2012 DC (section 126.96.36.199) and go back to step 1.
If EnableCBACandArmor is TRUE, the principal is not the computer account, and the client is running on a domain-joined computer, the Kerberos client SHOULD use FAST [RFC6113] when the principal’s Realm supports FAST (section 188.8.131.52).<31>