Which two actions should you perform on Server1?

Your network contains an Active Directory domain named contoso.com. The domain
contains a member server named Server1 that has the Active Directory Federation Services
server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of
the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com. The domain
contains a member server named Server1 that has the Active Directory Federation Services
server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of
the solution. Choose two.)

A.
Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

B.
Edit the multi-factor authentication global authentication policy settings.

C.
Run Enable-AdfsDeviceRegistration.

D.
Run Set-AdfsProxyProperties HttpPort 80.

E.
Edit the primary authentication global authentication policy settings.

Explanation:
* To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added
level of access protection to corporate resources and applications from external devices that
are trying to access them. When a personal device is Workplace Joined, it becomes a

‘known’ device and administrators can use this information to drive conditional access and
gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and then
click OK.



Leave a Reply 6

Your email address will not be published. Required fields are marked *


joe

joe

agree with C and E.

Dave

Dave

You can be forgiven for getting this one wrong, since even TechNet gives contradictory information. Note that both of these articles allegedly apply to Server 2012 R2:

https://technet.microsoft.com/en-us/library/dn268496.aspx
https://technet.microsoft.com/en-us/library/dn486831.aspx

Both articles indicate that two cmdlets must be run, but which one should be run first, “Enable-AdfsDeviceRegistration –PrepareActiveDirectory” or “Initialize-ADDeviceRegistration” (which doesn’t even appear in the question)?

In real life, whichever one doesn’t return a blob of red text is the correct one. Unfortunately, you don’t have the luxury of attempting both on the exam.

find more

find more

Excellent article. I am facing some of these issues as well..|