Does this meet the goal?

You plan to allow users to run internal applications from outside the company's network. You have a
Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed. You
must secure on-premises resources by using multi-factor authentication (MFA). You need to design a
solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of the MFA Server. You connect the instance to the Microsoft
Azure MFA provider and then you use Microsoft Intune to manage personal devices.
Does this meet the goal?

A.
Yes

B.
No




OSA

What is missing is configuring Windows Azure Multi-Factor Authentication as an additional authentication method on ADFS.

Intune is used to manage devices, not to enable MFA.
Answer “NO”

https://technet.microsoft.com/en-au/library/dn280946#BKMK_3

puck

ATT: This question is one of a series of similar questions where only the “Solution” changes. The answer to this one appears to always be “No” unless the Solution involves using Windows Intune to manage the personal devices!

AD FS and Azure AD can combine to provide an organization Single Sign-On capabilities, along with the ability to manage and administrate Mobile Devices running Windows, Android or even iOS. This is referred to as Federation.

The steps to implement a Federated Infrastructure are:
1. Create a Trust Relationship between AD FS and Azure AD.
2. Synchronize AD DS Users with Azure using the dirsync utility.
Those are the basic steps for initial integration with Azure and Office 365. Now we can move on to setting up more advanced features like Multi-Factor Authentication and Device Registration.
3. Connect to OR Create a new Multi-Factor Authentication Provider (server) in Azure.
4. Download and install the Multi-Factor Authentication server to your local AD FS server.
5. Configure Azure Multi-Factor Authentication as an additional Authentication method (this involves installing the AD FS Adapter.)

Now we have Multi-Factor Authentication set up... how about managing those Mobile Devices??

Windows Intune provides the ability to manage Mobile devices like Android, iOS etc. as if they were domain-joined Windows client computers. We can use Intune to assign permissions and DIFFERENT ACCESS LEVELS to mobile devices.

https://azure.microsoft.com/en-gb/documentation/articles/active-directory-conditional-access-on-premises-setup/
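
Step 5 from the comment above, together with a per-application rule that treats unregistered devices differently, as an added PowerShell example (not part of any comment on this page and not Microsoft's own script). The relying party name `InternalApp` is hypothetical; the example assumes the MFA Server AD FS adapter is registered under the name `WindowsAzureMultiFactorAuthentication` and that device registration (Workplace Join) is already enabled on the farm.

```powershell
# Added example. Run in an elevated session on the primary AD FS server
# (Windows Server 2012 R2).
Import-Module ADFS

# Assumption: name under which the MFA Server AD FS adapter registered itself.
$mfaProvider = 'WindowsAzureMultiFactorAuthentication'
# Hypothetical relying party trust that publishes the internal application.
$rpName = 'InternalApp'

# Stop early if the adapter from step 5 has not been installed and registered.
if (-not (Get-AdfsAuthenticationProvider | Where-Object Name -eq $mfaProvider)) {
    throw "Authentication provider '$mfaProvider' is not registered in AD FS."
}

# -AdditionalAuthenticationProvider replaces the whole list, so merge the MFA
# adapter with whatever additional providers are already configured.
$current   = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider)
$providers = @($current + $mfaProvider | Where-Object { $_ } | Select-Object -Unique)

# Make the adapter available for MFA and let AD FS evaluate device claims.
Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $providers `
                                   -DeviceAuthenticationEnabled $true

# Assumed policy: a device that does not present isregistereduser = true
# (not workplace joined) must complete MFA; registered devices sign in with
# primary authentication only.
$rule = @'
NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "true"])
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@
Set-AdfsRelyingPartyTrust -TargetName $rpName -AdditionalAuthenticationRules $rule

# Confirm what the trust now enforces.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Format-List Name, AdditionalAuthenticationRules
```

The access-level decision here is made by AD FS from the device registration claim, per relying party, which is the part the discussion notes is not configured on the devices themselves.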

Puck

Intune or workgroups

RR

Workgroups? Do you mean Workplace Join?

AG

So the answer is “Yes”???

Kleed

Puck’s explanations about setting up MFA are correct.
The question does not ask to manage the devices, just to set up MFA and enforce different access levels -> that last one is not configured on the devices, no need for Intune.