Lessons in Disabling RC4 in Active Directory
| Active Directory Customer lessons learned when disabling RC4 in Active Directory. Read Article
Protecting Against Credential Theft in Windows
Going passwordless is an integral part of eliminating credential theft. Here's why.
How Managed Service Accounts in Active Directory Work
Managed Service Accounts in Windows allow administrators to automate password management for accounts. Here's how they work.
OPS108: Windows authentication internals in a hybrid world
I recently recorded a presentation on the internals of hybrid Windows authentication. Go watch it.
Identity Delegation in Active Directory
Active Directory delegation is an often misunderstood technology. Here's an in-depth look at how it works.
Preventing UAC Bypass through Kerberos Loopback
User Account Control is a local authorization mechanism. Can you bypass it by going through the network? No. Here's why.
Hybrid Authentication with FIDO
FIDO is how we're tackling passwordless authentication. Have you ever wondered how it works?
Kerberos FAST Armoring
FAST Armoring is a Kerberos extension intended to improve the security of the Kerberos protocol.
Should I Turn off NLA?
Network Level Authentication is critical for secure RDP connections. Don't turn it off.
A Strategy for Protecting Privileged Access
Let's talk a bit about how Microsoft does Privileged Access.
How Windows Defender Credential Guard Works
Have you ever wondered how Credential Guard works?
Windows and Domain Trusts
Domain trusts are complicated. Here's how they work.
How Windows Single Sign-On Works
Have you ever wondered how Windows does Single Sign-on?
Windows Insider Podcast: Ctrl+Alt+Authenticate
I was interviewed by Jason Howard from the Windows Insider team and we talked about Windows Authentication and stuff.
Code Signing for Kerberos.NET
The Kerberos.NET components are now code signed under the .NET Foundation.