Відео

This video is really helpful, thanks

Hi thanks !

DHCP (Preview) ? lol

Thanks for this awesome video! Would be nice to step even deeper into more advanced policy management with EPAC

huge! 🔥

Is it possible to add AD groups to an Authentication Policy Silo or are you limited to individual accounts?

Was looking for exactly this. Thank you!

very helpful , thank you very much!

Thank you

This is one of the most helpful videos I have seen on Azure Policy. Thanks so much

Are you able to use kinit from a linux/mac system to grab a tgt, using your DA account, and then edit anything (ldapedit/ldapmodify) in AD using the credential remotely. I guess I'm asking how comprehensively does an authentication policy silo apply. I have found the some AD restrictions are only honored by windows devices (my recollection is logon workstation restrictions or group policy deny logon policy, can be gotten around easily this way).

Hello, thank you for the video: I have the following error -> Error: creating/updating Security Rule->performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: SecurityRuleInvalidAddressPrefix: invalid address prefix Not really sure what that's about.

Great Explenation, Thanks Dan

About time someone deciphered the MS documentation, great video, clear explanation and appreciate your efforts despite the repetitive and nuanced language required to explain this complexity.

Thank you sir, comment for growing up

Comment for growing up big thanks!

Mega thanks!

Thank you, Keep It up

Huge thanks

Thank you

Excelente video. Muy buena explicacion . Gracias por compartirla.

Glad to help out in any way I can, do you want to reach out to me on LinkedIn and we can set something up? Sorry, I don't have a great mechanism figured out for direct messages yet.

Good job on the video - I tested this 2 or 3 years ago and also found it underwhelming, frustrating, and often slow - and that is just managing on prem servers. Doesn't really look like it is worth switching to still. We have 1100 application/infra windows servers and it was crazy inefficient to use and manage this tool.

Hey man I’m studying for my AZ104 I have around 6/7 years experience I’d like to connect and learn more from you, do you offer video calls?

Thank you, the topic I have been waiting for the most!

Sub 👍 I’ve got my Az-104 coming up great video

I was investigating Kerberos armouring and came across your video, Really interesting stuff, well put together video. I am currently implementing the tiered admin model within our AD this sounds like it would be very useful to prevent our tier 0s from logging into tier 1 servers. I was wondering in the scenario you created in the video would you still be able to log into the DC with a account not tagged with the authentication policy? Thinking of break glass accounts.

Great stuff about Azure Policy, thanks!

Wouldnt Adding domain controllers to authentication silos prevent regular users from being able to get a ticket for their own sso?

I learned perfectly just how much is needed, thanks!

I was reading a MS blog post about Auth Policies and Silos being the recommended way to control which servers Domain Admins should be logging in to rather than the GPO lockdown method previously recommended. I do wonder restricting kerberos auth would this also impact IIS and other servers that use the domain controllers for authentication of users? Assuming if all clients are on the latest OS's they support kerberos arming and protection.

Thanks for the explanation on this topic! I started reading the MS documentation on it and didn’t really get the big picture of what these features were trying to accomplish. One thing, at 16:27 when trying to log onto that web-p1 server with the DA account. If that account is a member of the protected users group then it’s possible that NTLM auth being blocked was preventing you from logging on, as opposed to the authentication silo because Kerberos isn’t used when specifying a service address by IP.

Thanks for creating the videos!