DRAG DROP
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain
resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and
arrange them in the correct order.
Answer: See the explanation.
Note:
* Checklist: Deploying a Federation Server Farm include:
(Box 1) Enroll a Secure Socket Layer (SSL) certificate for AD FS.
(Box 2) Install the AD FS role service.
(Box 3, box 4) Optional step: Configure a federation server with Device Registration Service
(DRS).
Box 3: To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Box 4: Update the Web Application Proxy configuration
The Device Registration Service will be available through the Web Application Proxy once it
is enabled on a federation server. You may need to complete this procedure to update the
Web Application Proxy configuration if it was deployed prior to enabling the Device
Registration Service.
* Workplace Join is made possible by the Device Registration Service (DRS) that is included
with the Active Directory Federation Role in Windows Server 2012 R2. When a device is
Workplace Joined, the DRS provisions a device object in Active Directory and sets a
certificate on the consumer device that is used to represent the device identity. The DRS is
meant to be both internal and external facing. Companies that deploy both DRS and the
Web Application Proxy will be able to Workplace Join devices from any internet connected
location.
Reference: Deploying a Federation Server Farm
The Answer is correct!
https://technet.microsoft.com/en-us/library/dn280939.aspx
Install cert
Install ADFS
Enable Device Registration
Install Web Application Proxy
the kind of questions I hate, I’m pretty sure it doesn’t matter if you configure the certificate or ADFS first!!
Actually, during configuration of ADFS it asks you for the certificate.
This question was on my exam today
Thanks for that!
1. install a certificate
2. enable device registration
3. install and configure ADFS
4. create a claims provider trust
See:
See
https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-on-premises-setup/?rnd=1
and
https://technet.microsoft.com/en-us/library/dn280933.aspx
Correct!
https://technet.microsoft.com/windows-server-docs/identity/ad-fs/operations/set-up-the-lab-environment-for-ad-fs-in-windows-server-2012-r2
Did this in my lab today and used the question above. I noted the steps I had to take to complete the Workspace Join on my AD FS.
1. Install and configure ADFS
2. Install a certificate from a trusted third-party certification authority (CA)
3. Create a claims provider trust
4. Enable device registration
A little bit confusing.
First step install instead of obtain a server SSL certificate for ADFS. Also last step install and configure WAP and WAP also need SSL cerificte