DRAG DROP
You deploy Active Directory Federation Services (AD FS) for a company’s Office 365 environment. You have a server named Server1 that runs Windows Server 2016. You allocate Server1 for the AD FS deployment.
You have the following requirements:
Use Integrated Windows Authentication.
Deploy a proxy server for AD FS.
Ensure the proxy server is secure.
You need to install the proxy server.
Which three steps should you perform in sequence? To answer, move the appropriate steps from the list of step to the answer area and arrange them in the correct order.
Select and Place:
uses Kerberos constrained delegation to authenticate users to the published application. https://technet.microsoft.com/en-us/library/dn584113(v=ws.11).aspx https://technet.microsoft.com/en-us/library/dn383648(v=ws.11).aspx
Explanation:
Box1
Leave Server1 as a standalone server.
Box2
Install the Web Application Proxy (WAP) role service and configure the service.
Box3
Configure Kerberos constrained delegation.
Web Application Proxy can be deployed without joining the server to an AD DS domain or by joining the Web
Application Proxy server to a standalone domain in a perimeter network.
The Web Application Proxy role service is a replacement for the AD FS proxy role.
When publishing applications that use Integrated Windows authentication, the Web Application Proxy server
References:
Standalone
WAP
AD FS proxy role install
Kerberos constrained requires a domain-joined server.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd