mo wasay
-

Diving into Primary Refresh Tokens and Authentication Strengths in Microsoft Entra ID
authentication, Biometrics, Certificate-based Authentication, Conditional Access, Cybersecurity, Device Binding, Federated Authentication, FIDO2, Hybrid Access, Identity Management, Kerberos, MFA, Microsoft Authenticator, Microsoft Entra ID, Multi-factor Authentication, NTLM, OAuth 2.0, OpenID Connect, Passwordless, Phishing-resistant, Primary Refresh Token, PRT, SAML, Security Keys, Single Sign-On, Smartcard, SSO, Temporary Access Pass, Windows Hello, WS-Federation
Microsoft Entra ID is the backbone of modern identity management, powering secure access to cloud and hybrid resources. At its core, the Primary Refresh Token (PRT) makes single sign-on (SSO) smooth and secure across devices and apps. Paired with a range of authentication methods, Entra ID offers flexibility and strength for everyone from new users…
-

Mastering PRT Delayed Renewal in Microsoft Entra ID: Controls, Configurations, and Real-World Scenarios
In the evolving landscape of identity management, the Primary Refresh Token (PRT) stands as a cornerstone of seamless single sign-on (SSO) in Microsoft Entra ID. As devices increasingly operate in hybrid environments—online, offline, or in hibernation—understanding how to control PRT delayed renewal is essential for security admins and architects. Delayed renewal refers to the postponement…
-

Understanding Tokens in Microsoft Entra ID: Types, Lifetimes, and Beyond
In the world of modern identity and access management, tokens are the digital keys that unlock secure access to resources. Microsoft Entra ID (formerly Azure Active Directory) relies on these tokens to authenticate users, authorize applications, and enforce security policies. Whether you’re a developer building apps, an admin managing access, or a security pro auditing…
-

Adding an Application Registration / Service Principal to another Application Registration / Service Principal
Typically, when working with App Roles in Azure Active Directory for a single application registration or service principal, and then self-consuming that app role as an Application API Permission, you would see in the Enterprise Application > Users and Groups blade that service principals are added. Every now and then a question comes up…
-

Get all the domain controllers in the AD forest along with their current FSMO roles
In a large enterprise, an admin would need to keep track of all the domains in an AD forest, the domain names, the domain controllers (DCs), their IPs, and which FSMO roles each DC holds. Wrote a little script to do just that…
-

Force synchronization for DFSR-replicated SYSVOL
One of my clients had a problem with processing GPOs on client computers. Different computers applied different settings from the same GPO but from different domain controllers. All tests related to replication were successful and all GPOs were applied, but replication between domain controllers was a problem, and because of that most clients had a different…