Which two actions should you perform on Server1?

Your network contains an Active Directory domain named contoso.com. The domain
contains a member server named Server1 that has the Active Directory Federation Services
server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of
the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com. The domain
contains a member server named Server1 that has the Active Directory Federation Services
server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of
the solution. Choose two.)

A.
Run Enable AdfsDeviceRegistration -PrepareActiveDirectory.

B.
Edit the multi-factor authentication global authentication policy settings.

C.
Edit the primary authentication global authentication policy settings.

D.
Run Set-AdfsProxyPropertiesHttpPort 80.

E.
Run Enable-AdfsDeviceRegistration.

Show Hint

Leave a Reply 7

Your email address will not be published. Required fields are marked *

mina

mina

I think it should be C & E

Reply

kamisama

kamisama

I agree, C & E

Reply

Ben

Ben

From Step 10. on http://blogs.technet.com/b/keithmayer/archive/2013/11/09/why-r2-step-by-step-solve-byod-challenges-with-workplace-join.aspx

Configure the Device Registration Service on adfs1.contoso.com.

Open a PowerShell command window and run the following command-line:

Initialize-ADDeviceRegistration

When prompted for a service account, type contoso\fsgmsa$

In the open PowerShell command window, run the following command-line:

Enable-AdfsDeviceRegistration
In the AD FS Management console, navigate to Authentication Policies.

Select Edit Global Primary Authentication.

Select the checkbox next to Enable Device Authentication and then click OK.

Reply

Alexandre Ferreira

Alexandre Ferreira

Correct Answer: CE
* To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and
applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and
administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication,
persistent single sign-on (SSO) and conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable
Device Authentication, and then click OK.

Reply