Your network contains an Active Directory domain named contoso.com.
The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 has the Active Directory Federation Services server role installed.
Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using
Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Create and configure a sync share on Server2.
E. Install the Work Folders role service on Server2.
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD
FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions
a device object in Active Directory when a device is Workplace Joined. Once the device object is
in Active Directory, attributes of that object can be retrieved and used to provide conditional
access to resources and applications. The device identity is represented by a certificate which is
set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended
to comprehend the most popular mobile devices and provide conditional access to enterprise
resources based on user+device combinations and access policies. With these policies in place,
you can control access based on users, devices, locations, and access times.