Your network contains an Active Directory domain named contoso.com. The domain contains servers named
Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services
server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On
(SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.
Enable the Device Registration Service in Active Directory.
B.
Publish the Device Registration Service by using a Web Application Proxy.
C.
Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D.
Create and configure a sync share on Server2.
E.
Install the Work Folders role service on Server2.
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in
Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active
Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that
object can be retrieved and used to provide conditional access to resources and applications. The device
identity is represented by a certificate which is set on the personal device by DRS when the device is
Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to
comprehend the most popular mobile devices and provide conditional access to enterprise resources based on
user+device combinations and access policies. With these policies in place, you can control access based on
users, devices, locations, and access times.
BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server
2012 R2