HOTSPOT
Your network contains an Active Directory forest named contoso.com. All servers run
Windows Server 2012 R2. The forest contains two servers.
The servers are configured as shown in the following table.
You prepare the forest to support Workplace Join and you enable the Device Registration
Service (DRS) on Server1.
You need to ensure that Workplace Join meets the following requirements:
Application access must be based on device claims.
Users who attempt to join their device to the workplace through Server2 must be prevented
from locking out their Active Directory account due to invalid credentials.
Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for
each requirement in the answer area.
What would the powershell commands for each of these be ?
https://technet.microsoft.com/en-us/library/dn479384.aspx
https://technet.microsoft.com/en-us/library/ee892317.aspx
I would go with
Set-ADFSGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true
Set-AdfsProperties -EnableExtranetLockout $false
http://blogs.technet.com/b/rmilne/archive/2014/05/05/enabling-adfs-2012-r2-extranet-lockout-protection.aspx – ADFS Lockout Parameters
https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx#BKMK_CreateApplicationAccessPolicy – Authentication Policy sequence of events
Thanks jimi
Also good article here (see section near end of page – Extranet Soft Account Lockout)
http://blog.auth360.net/tag/workplace-join/