Detection:

$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
$regName = "CloudKerberosTicketRetrievalEnabled"
$expectedValue = 1

try {
    if (Test-Path $regPath) {
        $currentValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
        if ($currentValue -ne $null -and $currentValue.$regName -eq $expectedValue) {
            Write-Host "Value exists and is set correctly."
            exit 0
        }
    }
    Write-Host "Value doesn't exist or is not set correctly."
    exit 1
}
catch {
    Write-Host "Error checking registry value."
    exit 1
}

Remediation:

try {
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1 /f
    exit 0
}
catch {
    Write-Host "Error setting registry value."
    exit 1
}

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1