OPS108 Windows authentication internals in a hybrid world


Have you ever wondered what happens when you type your password into Windows? With the cloud becoming a major part of our world, we find ourselves having to talk to both on-premises and cloud-native resources, which dramatically affects what happens when you do type your password into Windows. Follow along as Steve Syfuhs gives a guided tour of how Windows handles logons internally and secures your authentication in a hybrid world.

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks​
IT Ops Talks Community Chat: https://aka.ms/OPS108-chat​
Steve on Security: https://syfuhs.net/​
Detailed look at Windows Credentials: https://docs.microsoft.com/windows-se...​
Windows Hello for Business: https://docs.microsoft.com/windows/se...​
Passwordless FIDO: https://docs.microsoft.com/azure/acti...​
FIDO Hybrid to on-prem: https://docs.microsoft.com/azure/acti...​
Windows Hello Enhanced Sign-in Security: https://docs.microsoft.com/windows-ha...​

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out our playlist: https://www.youtube.com/playlist?list...​

00:00​ Introduction
02:11​ Logging on to Windows
03:36​ Types of logins
06:33​ The Logon UI
09:39​ Local Security Authority
21:53​ Logon UI Part II
23:42​ Local Security Authority Part II
25:14​ Kerberos in Windows
35:35​ Logon Sessions including Azure Active Directory
38:09​ Local Security Authority Part III
43:53​ Oauth in Windows - Types of credentials
45:55​ Windows Hello Logon
53:34​ FIDO Logon
56:32​ Local Security Authority Part IV
1:01:08​ Azure AD Join
1:05:14​ Community Q&A - How long do we need to keep on-premises AD around?
1:09:39​ How can we enable MFA/FIDO keys for normal AD Login and not only for Apps that support Modern Auth?
1:12:44​ When will we get rid of passwords once and for all?

1 Reply
Thanks for presenting and sharing. Much appreciated. I would like to encourage you to use a better Mic next time. The sound quality is far from optimal.

Session Resources