MFA is Hard to do Right
| Authentication MFA is critical to securing the world, but it's hard to do right. Here's why. Read Article
Killing NTLM is Hard
The NTLM authentication protocol just won't die.
Lessons in Disabling RC4 in Active Directory
Customer lessons learned when disabling RC4 in Active Directory.
Protecting Against Credential Theft in Windows
Going passwordless is an integral part of eliminating credential theft. Here's why.
How Managed Service Accounts in Active Directory Work
Managed Service Accounts in Windows allow administrators to automate password management for accounts. Here's how they work.
OPS108: Windows authentication internals in a hybrid world
I recently recorded a presentation on the internals of hybrid Windows authentication. Go watch it.
Identity Delegation in Active Directory
Active Directory delegation is an often misunderstood technology. Here's an in-depth look at how it works.
Preventing UAC Bypass through Kerberos Loopback
User Account Control is a local authorization mechanism. Can you bypass it by going through the network? No. Here's why.
Hybrid Authentication with FIDO
FIDO is how we're tackling passwordless authentication. Have you ever wondered how it works?
Kerberos FAST Armoring
FAST Armoring is a Kerberos extension intended to improve the security of the Kerberos protocol.
Should I Turn off NLA?
Network Level Authentication is critical for secure RDP connections. Don't turn it off.
A Strategy for Protecting Privileged Access
Let's talk a bit about how Microsoft does Privileged Access.
How Windows Defender Credential Guard Works
Have you ever wondered how Credential Guard works?
Windows and Domain Trusts
Domain trusts are complicated. Here's how they work.
How Windows Single Sign-On Works
Have you ever wondered how Windows does Single Sign-on?