Protecting Against Credential Theft in Windows
| Authentication Going passwordless is an integral part of eliminating credential theft. Here's why. Read Article
How Managed Service Accounts in Active Directory Work
Managed Service Accounts in Windows allow administrators to automate password management for accounts. Here's how they work.
OPS108: Windows authentication internals in a hybrid world
I recently recorded a presentation on the internals of hybrid Windows authentication. Go watch it.
Identity Delegation in Active Directory
Active Directory delegation is an often misunderstood technology. Here's an in-depth look at how it works.
Hybrid Authentication with FIDO
FIDO is how we're tackling passwordless authentication. Have you ever wondered how it works?
Kerberos FAST Armoring
FAST Armoring is a Kerberos extension intended to improve the security of the Kerberos protocol.
How Windows Defender Credential Guard Works
Have you ever wondered how Credential Guard works?
Windows and Domain Trusts
Domain trusts are complicated. Here's how they work.
How Windows Single Sign-On Works
Have you ever wondered how Windows does Single Sign-on?
Windows Insider Podcast: Ctrl+Alt+Authenticate
I was interviewed by Jason Howard from the Windows Insider team and we talked about Windows Authentication and stuff.
How Azure AD Windows Sign-in Works
Let's talk Azure AD join and what that means to a Windows device. What's it mean to be joined to something?
Kerberos Explained in a Little Too Much Detail
Kerberos is an authenticated key agreement protocol based on the Needham-Schroeder protocol. That's too complicated -- let's break it down a little.
How Authentication Works when you use Remote Desktop
Have you ever wondered how authentication works for things like Remote Desktop?
What Happens When you Type Your Password into Windows?
Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
KDC Proxy for Remote Access
There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP.