Windows

In my previous post, I explored Windows Hello for Business using the Key Trust model. This time, I’m turning my attention to configuring Windows Hello to authenticate with Cloud Kerberos Trust. For this test, I’m working on an Entra ID–joined machine and attempting to access an on‑premises Active Directory domain‑joined file server. Signing in with Windows Hello for Business against Entra ID works perfectly for cloud applications, but the moment I try to reach on‑premises resources such as file shares, printers, or legacy apps, Kerberos is required. Traditionally the device must be domain‑joined, or the user is prompted again to supply their AD credentials. ...

I was troubleshooting an issue with Windows Hello for Business recently. I’ve tried setting it up in my home lab so I understand how it works for hybrid-joined computers. This post is about what I learned about the authentication flows for key trust and certificate trust, and why understanding them is essential for troubleshooting. I could sign in with Windows Hello on the corporate network but ran into issues when on a remote network (secured with specific firewall restrictions). It would initially work but then after some time, I couldn’t sign-in using the Windows Hello pin or biometric until I connected back to the corporate network. My setup is hybrid-joined. ...

I like using Git Bash, especially when I’m working with the Azure CLI. To make switching easier, I added Git Bash to Windows Terminal so I can move between it and PowerShell without hassle. To add Git Bash as a profile in Windows Terminal: Find the installation directory of Git for Windows. For my installation, it is under C:\Program Files\Git Within this directory, navigate to usr\bin to find bash.exe. The full path is something like C:\Program Files\Git\usr\bin\bash.exe ...