In this episode we chat with Microsoft PM Jordan Gross about the exciting world of Entra Kerberos.

Discover how this crucial feature bridges the gap between traditional on-premises Active Directory and the modern cloud, enabling seamless authentication for legacy applications in hybrid environments.

Jordan delves into the mechanics of Entra Kerberos, its different operational modes (up-level and down-level trust), and its significance for organizations migrating to the cloud.

We also explore MAM (Mobile Application Management) on Edge, another innovative solution Jordan worked on, which helps secure browser access on personal devices.

LinkedIn - https://www.linkedin.com/in/jordangross61/

PS. Can I ask a favor? If you enjoy this podcast please leave a review and rating on your podcast app! This helps more folks discover Entra.Chat - Thank you 🙏 - Merill

Watch on YouTube or get the podcast from the links below 👇

🔗 Related Links

Entra Kerboros

* How Azure AD Kerberos Works • Steve Syfuhs

* Cloud Kerberos trust deployment guide

* Use Kerberos for single sign-on (SSO) to your resources with Microsoft Entra Private Access

* Kerberos Constrained Delegation for single sign-on (SSO) to your apps with application proxy

* Enable Microsoft Entra Kerberos authentication for hybrid identities on Azure Files

* How Windows Authentication for Azure SQL Managed Instance is implemented with Microsoft Entra ID and Kerberos

* Configure single sign-on for Azure Virtual Desktop using Microsoft Entra ID

* Enable Kerberos SSO to on-premises Active Directory and Microsoft Entra ID Kerberos resources in Platform SSO (MacOS)

MAM

* Data protection for Windows MAM

📗 Chapters

00:00 Intro

01:24 Introducing Entra Kerberos & MAM on Edge

03:13 What is Entra Kerberos?

04:14 Understanding Traditional Kerberos

06:39 Why Entra Didn't Just Use Kerberos Initially

07:36 The Lingering Importance of On-Prem AD

09:08 Where Entra Kerberos Fits: Solving Hybrid Problems

10:06 Use Cases: Regulations & File Sharing (SMB Protocol)

11:55 How Entra Kerberos Works: Two Styles

13:36 Modern Auth vs. Down-Level Trust Explained

14:04 The Convenience of Cloud TGTs with Windows Hello

15:26 Accessing Resources: TGT to TGS Exchange

17:03 How Apps Trust Entra Kerberos Tickets

18:00 Admin Setup for Trust Relationship

19:22 Supporting Legacy Apps in a Modern World

21:24 Benefits Over NTLM & Conditional Access

23:04 Future of Entra Kerberos: Cloud-Only Users

26:28 Expanding Support: Mac, Linux & Mobile Devices

29:13 Current Big Use Cases: Azure Files & AVD

30:06 Understanding Down-Level Scenarios

31:42 Interaction with Global Secure Access

33:57 Transition to MAM for Edge

34:27 What Problem Does MAM for Edge Solve?

36:12 How MAM for Edge Protects Personal Devices

38:11 Security Scope: Benign User Mistakes vs. Hackers

40:23 Combining MDM and MAM for Enhanced Security

41:20 Deployment: Intune Policies & Entra Configuration

43:18 Windows-Only Feature for Now

44:10 Benefits: Security, User Empowerment & Visibility

48:13 Intune Dependency & Flexibility with Other MDMs

49:50 The Fun of Cross-Team Collaboration

50:48 Concluding Thoughts & Thank You

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill's socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe