Hello @tobias2021,
Thank you for posting here.
What machine (Windows server or Windows client or non-Windows server or non-Windows client) did you scan using DAST program?
If it is machine with Windows operating system, we can disable weak SSL Cipher and enable secure SSL Cipher or enable secure TLS Cipher.
However, if there are third-part apps/machines with non-Windows operating system or old Apps (Windows or non-Windows) in your AD environement, you may consider whether they support secure SSL Cipher or TLS Cipher(in other word, they may only support weak SSL ) before disabling weak SSL Cipher .
Reference
Managing SSL/TLS Protocols and Cipher Suites for AD FS
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou