Update authentication-policies-and-authentication-policy-silos.md #8004
Conversation
This needs an extensive re-write. There are several distinct topics: - Kerberos armoring and support for claim. This is a dependency for the subject of the article - Protected Users security group. This is not a dependency, but can enforce them by not allowing a fallback to NTLM - Authentication policies and authentication policy silos. On the topic of authentication policies and authentication policy silos, the material would benefit from a reorganisation to clarify separately how each feature works.
|
Learn Build status updates of commit 501f435:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| WindowsServerDocs/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md | Details |
WindowsServerDocs/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md
- Line 50, Column 5: [Warning: bookmark-not-found - See documentation]
Cannot find bookmark '#BKMK_HowKerbUsed' in 'security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md'. - Line 52, Column 5: [Warning: bookmark-not-found - See documentation]
Cannot find bookmark '#BKMK_HowRestrictingSignOn' in 'security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md'. - Line 54, Column 5: [Warning: bookmark-not-found - See documentation]
Cannot find bookmark '#BKMK_HowRestrictingServiceTicket' in 'security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
|
@microsoft-github-policy-service agree |
|
@Air-Git : Thanks for your contribution! The author(s) have been notified to review your proposed change. |
prmerger-automator
bot
added
security/subsvc
Change sent to author
windows-server/svc
labels
|
@robinharwood, @Xelu86 #label:"aq-pr-triaged" |
|
Users robinharwood are already assigned. |
prmerger-automator
bot
added
the
aq-pr-triaged
|
@robinharwood Hi Robin, There's some interesting material in the article which I found nowhere else, on Schema and Event Log. But I found the description of the authentication policies and policy silos to be rather confusing. I found the most accurate description is in the link: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts. What would be useful is a more general overview of what each is used for. e.g. (I think) an authentication policy restricts what devices an account can sign on to, or services it can authenticate to; but an authentication policy silo prevents anything else signing on or authenticating to the devices. |
This needs an extensive re-write. There are several distinct topics:
On the topic of authentication policies and authentication policy silos, the material would benefit from a reorganisation to clarify separately how each feature works.