The way you explain things makes life around Azure so much easier !

@john_craddock

Жыл бұрын

Thank you! Your comment is much appreciated

I like anyone who goes back and edits in missing information afterwards (e.g. 'along with their public key' comment at 2:50). That shows thorough attention to detail and an awareness of the perspective of learners. Thanks very much.

@john_craddock

9 ай бұрын

Thank for the comments Eric! I always try and make the videos as clear as possible - so it's great to hear when I have succeeded.

This was just ... well ... fantastic! Thanks a lot, I learnt a lot from this.

@john_craddock

7 ай бұрын

Thank for letting me know - I am glad you found it useful

Probably the best videos on Azure right now, even more clearly explained than Microsofts own articles available on the web, thank you Sir for your valuable time and effort in making all this great technical contents, hope to see a lot lot more in the near future

@john_craddock

Жыл бұрын

Thanks Supriyo, Comments like yours make it all worthwhile!

@steveng.42

Жыл бұрын

I couldn't agree more with this sentiment! John should just be the default auth explainer on all Microsoft technical docs!

@john_craddock

Жыл бұрын

@@steveng.42 Many thanks for your comment Steve, much appreciated!

@alpeshbhoi330

Жыл бұрын

​@@john_craddocknice video John. I have just one question if we have Root ca, intermidiate ca and issuing ca, the do we need to upload all of those three certificates?

excellent video, thanks for this

@john_craddock

Жыл бұрын

Thanks Damien for letting me know!

Awesome session John 🎉

@john_craddock

Жыл бұрын

Thanks Andy - Along way to go before I join the ranks of a KZread master like you!

@AndyMaloneMVP

Жыл бұрын

@@john_craddock you’ll get there my friend 👍😊

Thanks John, As per your commitment in one of the videos to make one video per week but I didn't see many uploaded recently. Can you please clarify when you gonna upload videos on other Authentication and Authorization methods. Thank you 😊

@john_craddock

7 ай бұрын

Hi Abdul, That was an ambitious commitment and now I'm embarrassed! Unfortunately I got completely committed to a customer project. However, I am now trying to get back on-track with the videos. I already have a video on authentication methods kzread.info/dash/bejne/npWex6ioc9WYe7A.html. What content are you looking for?

@abdulmananclasses.7793

7 ай бұрын

Thanks John for replying on my message. I want to have some series on Application Registration and Enterprise Application.

@john_craddock

6 ай бұрын

@@abdulmananclasses.7793 It's on my list, Hopefully in the next couple of months!

With the SKI the smartcards could be anonymous and even pre-issued, that’s quite neat in addition to the high affinity. Is there an drawback if you don’t have attributes (for this specific Entra ID Login case)

Hi John, thanks for video! Appreciate you taking the time to make and share this content. Can you tell me what the app is you are using to dump the token claims and test various login experiences? It’s at 5:57 (OpenID Connect & OAuth 2.0 demo). I would like to use this to do some of my own setup and testing but can’t find it.

@john_craddock

Жыл бұрын

Hi @holodray2269, thanks for the feedback. The app is something I put together for my identity masterclass. I don't make it freely available. However if you join the class you get a copy of it an more! learn.xtseminars.co.uk

Very informative

@john_craddock

10 ай бұрын

Glad it was helpful!

When using windows Keystore, it should use the cryptong rsa provider, as it uses credential isolation. And potential even tpm, but I am not sure how to enforce this.

Hi John, thank you so much for you video. Can you explain how to create the other certificate templates, like CBAUserSetName and others, I'm a little confused in that step. Thank you so much.

@john_craddock

7 ай бұрын

Sorry for the late reply. Please give me time on the video that you are asking about

Thanks for the awesome content as usual. Why can't we use CBA as second factor option like Auth app or U2F fido2 keys? I see CBA listed as MFA option once CBA is enabled but it fails when used. Is it by design or it is due to other issues with certificate. if by design, then MS should not show CBA as MFA option.

@john_craddock

Жыл бұрын

Hi @anuj_rana, thanks for the feedback. CBA can be used as a sign in for 1st Factor or 1 & 2 factor combined. So a cert tagged with the appropriate OID is considered strong auth. I think the assumption is that if the org is issuing strong auth certs then the admins have taken the appropriate steps to make sure that those certs are only issued to devices that secure them with a second factor (biometric or pin). I hope that helps!

Would like to see video how this type of authentication can be used for automation tasks (service principals)

@john_craddock

Жыл бұрын

Hi Gregory, With a workload identity, the preferred way of setting it up is to use a signed JWT assertion and this uses an X509 cert for signing and validation. Workload identities are something I will be covering in the future. My list is getting longer!

Awesome video sir. How to enroll certificate to yubikey and use it for authentication.?

@john_craddock

Жыл бұрын

Thanks @Sathish. I'm glad you enjoyed it!

up to last 5 minutes is correct, MFA is rather misleading, bindings to SKI or OIDs within CBA are still single factored,

@john_craddock

Жыл бұрын

Hi Mihran, It is the organization that is designating that a particular certificate type (correct OID) can be treated as multifactor. For this to be true multifactor, the org will need to make sure that those certificate type are only issued to certificate storage (smartcard or similar) that require a PIN or biometric. I am sorry if that wasn't clear - Many thanks for your feedback

What if you have users in an Azure Only environment without any server?

@john_craddock

7 ай бұрын

You will require a PKI to issue your certificates

@fbifido2

Сағат бұрын

@@john_craddock does Microsoft intune not provide a way to issue Cert from my own ROOT certificate?

@fbifido2

Сағат бұрын

@@john_craddock does Microsoft offer a private pki for intune ?

This is completely irrelevant for modern cloud based Microsoft 365 Entra

@john_craddock

9 ай бұрын

I am not quite sure why you say that. I agree if you don't want to use CBA, then it may not be relevant to you, but it is certainly not irrelevant to everyone.

@ohyeahbabyohyes

9 ай бұрын

On-prem is going away. @@john_craddock