In this session we will cover the basic concepts of Kerberos Authentication from Azure AD Joined Devices. An overview of the synced attributes that are required with the PRT to enable Kerberos and NTLM will help you understand if your environment is setup for SSO. We will also deep-dive in the logs, show some tools you can use to troubleshoot Kerberos and also demonstrate the requirement for SSO with Kerberos when using Windows Hello for Business. At the end of the session, viewers should have a good understanding of the mechanics of SSO to domain resources from Azure AD Joined Devices.