A detailed technical guide to buying a domain, understanding DNS, adding a custom domain to Microsoft Entra and Microsoft 365, and configuring DNS records such as MX, TXT, CNAME, SPF, DKIM, and DMARC.
Article archive
Every article published on Sentinel Identity, organized as a searchable reading archive for Microsoft identity engineers and IT administrators.
A technical guide to Password Hash Synchronization, Pass-Through Authentication, and federation with AD FS or PingFederate, centered on where validation really happens.
A technical guide to SAML, WS-Federation, OAuth 2.0, and OpenID Connect, focused on trust transfer, actor roles, and what the backend is validating.
A technical guide to Kerberos, NTLM, LDAP bind, passkeys, certificate-based authentication, and Windows Hello for Business, focused on what each method proves and how the backend validates it.
A technical guide to the major authentication protocols and sign-in models used in Microsoft environments, including Kerberos, NTLM, LDAP bind, SAML, WS-Federation, OAuth 2.0, OpenID Connect, passkeys, certificate-based authentication, AD FS, and Microsoft Entra sign-in models.
A technical guide to Microsoft Entra Agent ID, including the agent identity model, Conditional Access enforcement, identity governance, risk detection, and network-level controls for AI agents.
A technical guide to Microsoft Entra passkey sign-in, including same-device and cross-device flows, compatibility dependencies, and rollout design.
A technical guide to Microsoft Entra passkey registration on Windows and mobile, with a focus on credential issuance, MFA bootstrap, platform differences, and backend policy checks.
A technical guide to Microsoft Entra passkey profiles, AAGUID restrictions, attestation behavior, and the control-plane logic behind passkey governance.
A technical document for Microsoft Entra administrators covering how Microsoft Entra Backup and Recovery works, what it can recover, supported objects and properties, difference reports, recovery behavior, soft deletion, troubleshooting, and operational design guidance.
A detailed technical guide to AADSTS50020 in Microsoft Entra ID, including resource-tenant identity resolution, invitation redemption, cross-tenant access, and external identity design.
A detailed technical guide to Microsoft Entra join and registration failures on Windows, including device registration service flow, pending objects, dsregcmd analysis, and downstream impact on compliance and PRT.
A detailed technical guide to Microsoft Entra Primary Refresh Token failures on Windows, including dsregcmd analysis, device trust, broker behavior, network dependencies, and remediation design.
Technical troubleshooting for when Passkey (FIDO2) does not appear in Security info or Microsoft Authenticator, including Authentication Methods policy, MFA bootstrap, platform support, and authenticator constraints.
A detailed technical guide to why Microsoft Entra can block a sign-in from an Intune-compliant device, including device identity proof, browser support, client certificate behavior, and Conditional Access evaluation.
A detailed technical guide to browser behavior in device-based Conditional Access, including Edge, Chrome, Safari, private browsing, client certificate behavior, and support-matrix design.
A technical guide to Microsoft Entra passkeys for administrators, including passkey types, registration flows, Authentication Methods policy, Conditional Access, and deployment design.
A technical troubleshooting guide for Microsoft Entra passkeys covering registration failures, Conditional Access loops, Bluetooth issues, orphaned passkeys, compatibility gaps, and Authenticator-specific problems.
An engineering-level explanation of access tokens and refresh tokens in Microsoft Entra ID, including token ownership, lifetime, renewal, revocation, and common troubleshooting patterns.
A top-to-bottom engineering explanation of how Microsoft Entra Conditional Access evaluates scope, combines controls, and influences token issuance.