Entra.News - Your weekly dose of Microsoft Entra
Entra.Chat
Microsoft's Entra Kerberos: Bridging Legacy AD to Cloud Auth + MAM on Edge with PM Jordan Gross

Unlock seamless hybrid cloud authentication! Microsoft PM Jordan Gross details Entra Kerberos—bridging on-prem AD & cloud for legacy apps. Plus, MAM on Edge insights.

In this episode we chat with Microsoft PM Jordan Gross about the exciting world of Entra Kerberos.

Discover how this crucial feature bridges the gap between traditional on-premises Active Directory and the modern cloud, enabling seamless authentication for legacy applications in hybrid environments.

Jordan delves into the mechanics of Entra Kerberos, its different operational modes (up-level and down-level trust), and its significance for organizations migrating to the cloud.

We also explore MAM (Mobile Application Management) on Edge, another innovative solution Jordan worked on, which helps secure browser access on personal devices.

LinkedIn - https://www.linkedin.com/in/jordangross61/

PS. Can I ask a favor? If you enjoy this podcast, please leave a review and rating on your podcast app! This helps more folks discover Entra.Chat - Thank you 🙏 - Merill

Watch on YouTube or get the podcast from the links below 👇


🔗 Related Links

Entra Kerberos

MAM


📗 Chapters

00:00 Intro

01:24 Introducing Entra Kerberos & MAM on Edge

03:13 What is Entra Kerberos?

04:14 Understanding Traditional Kerberos

06:39 Why Entra Didn't Just Use Kerberos Initially

07:36 The Lingering Importance of On-Prem AD

09:08 Where Entra Kerberos Fits: Solving Hybrid Problems

10:06 Use Cases: Regulations & File Sharing (SMB Protocol)

11:55 How Entra Kerberos Works: Two Styles

13:36 Modern Auth vs. Down-Level Trust Explained

14:04 The Convenience of Cloud TGTs with Windows Hello

15:26 Accessing Resources: TGT to TGS Exchange

17:03 How Apps Trust Entra Kerberos Tickets

18:00 Admin Setup for Trust Relationship

19:22 Supporting Legacy Apps in a Modern World

21:24 Benefits Over NTLM & Conditional Access

23:04 Future of Entra Kerberos: Cloud-Only Users

26:28 Expanding Support: Mac, Linux & Mobile Devices

29:13 Current Big Use Cases: Azure Files & AVD

30:06 Understanding Down-Level Scenarios

31:42 Interaction with Global Secure Access

33:57 Transition to MAM for Edge

34:27 What Problem Does MAM for Edge Solve?

36:12 How MAM for Edge Protects Personal Devices

38:11 Security Scope: Benign User Mistakes vs. Hackers

40:23 Combining MDM and MAM for Enhanced Security

41:20 Deployment: Intune Policies & Entra Configuration

43:18 Windows-Only Feature for Now

44:10 Benefits: Security, User Empowerment & Visibility

48:13 Intune Dependency & Flexibility with Other MDMs

49:50 The Fun of Cross-Team Collaboration

50:48 Concluding Thoughts & Thank You


Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcasts → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocket Casts → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss


Merill's socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill
