You plan to allow users to run internal applications from outside the company’s network.
You have a Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed.
You must secure on-premises resources by using multi-factor authentication (MFA).
You need to design a solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server and connect it to your Microsoft Azure MFA provider. Then, you use the Workplace Join process to
configure access for personal devices to the on-premises resources.
Does this meet the goal?
A. Yes
B. No
Explanation:
Setting up on-premises conditional access using Azure Active Directory Device Registration
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-conditionalaccess-on-premises-setup/
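The exam item only names the components; what the AD FS side of that design actually looks like is the part worth seeing. The PowerShell below is an added example, not code from the exam item or from the linked Microsoft article. It assumes a Windows Server 2012 R2 primary AD FS server, that the Azure MFA Server AD FS adapter has already been installed and registered under the provider name "WindowsAzureMultiFactorAuthentication" (assumed name; the script checks it before use), a gMSA "CONTOSO\adfsgmsa$" running AD FS, a relying party trust called "Internal HR App", and that the Device Registration Service reports Windows and iOS devices with ostype values "Windows" and "iOS" (assumed, matched case-insensitively).

```powershell
# Added example for the exam scenario above; not the exam item's or Microsoft's own code.
# Assumptions (not from the page): gMSA 'CONTOSO\adfsgmsa$', relying party 'Internal HR App',
# MFA Server adapter registered as 'WindowsAzureMultiFactorAuthentication', ostype values
# 'Windows' / 'iOS'. Run in an elevated PowerShell session on the primary AD FS server.

Import-Module ADFS

# 1. Turn on the Device Registration Service so personal devices can Workplace Join,
#    and let AD FS consume the device claims it issues.
Initialize-ADDeviceRegistration -ServiceAccountName 'CONTOSO\adfsgmsa$'
Enable-AdfsDeviceRegistration
Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true

# 2. Wire the on-premises MFA Server adapter in as the additional authentication provider.
#    Verify the adapter name first: a typo here silently leaves MFA unenforced.
$mfaProvider = 'WindowsAzureMultiFactorAuthentication'   # assumed adapter name
if (-not (Get-AdfsAuthenticationProvider | Where-Object Name -eq $mfaProvider)) {
    throw "MFA adapter '$mfaProvider' is not registered with AD FS; register the MFA Server adapter first."
}
Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider @($mfaProvider)

# 3. Per-application policy. Issuance authorization rules decide WHO is allowed in
#    (no permit claim issued means access denied); additional authentication rules
#    decide WHEN a second factor is demanded.
$rpName = 'Internal HR App'   # assumed relying party trust

$authzRules = @'
@RuleName = "Permit everyone on the corporate network"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "From the extranet, permit only Workplace Joined Windows or iOS devices"
c1:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "true"]
 && c2:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype", Value =~ "(?i)^(windows|ios)$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

$mfaRules = @'
@RuleName = "Require MFA for any request from outside the corporate network"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences", Value = "http://schemas.microsoft.com/claims/multipleauthn");

@RuleName = "Require MFA when the device is not Workplace Joined"
NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "true"])
 => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences", Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceAuthorizationRules $authzRules `
    -AdditionalAuthenticationRules $mfaRules

# 4. Read the stored policy back; what AD FS persisted is what it will enforce.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, IssuanceAuthorizationRules, AdditionalAuthenticationRules
```

Two things to notice when reading the rules against the question. The access levels AD FS can express here come from the device claims DRS issues (registered or not, and the device's OS type), which is exactly what Workplace Join plus AD FS gives you without a management system; a device's MDM compliance or enrollment state is not among those claims, which is the gap the comments below argue about. Also keep the extranet MFA rule even though registered devices already get through authorization: a registered device from outside the network should still be challenged, since registration proves the device, not the person holding it.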
B: NO
You need Intune to do this.
Han has corrected me, this seems to be Yes.
My apologies for putting so many comments without links in this version. I did put some in v3 and I haven’t had time to go back and do the same for this version and I was going from memory.
Setting up on-premises conditional access using Azure Active Directory Device Registration
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-device-registration-on-premises-setup
It only mentions Workplace Join and AD FS as requirements for Conditional Access. The other requirement is MFA.
I think from this whole series the only good answer is:
You install a local instance of MFA Server and connect it to your Microsoft Azure MFA provider. Then, you use the Workplace Join process to configure access for personal devices to the on-premises resources.
But is it still "enforcing different access levels"? You still need Intune for that, and they are not installing it, so wouldn't it be a NO?
Here is an article that says Intune is not thought of as an access control method for corporate data.
https://docs.microsoft.com/en-us/intune/introduction-intune
Answer: NO
Windows domain-joined devices. Managed by System Center Configuration Manager (in the current branch) deployed in a hybrid configuration.
Windows 10 Mobile work or personal devices. Managed by Intune or by a supported third-party mobile device management system.
iOS and Android devices. Managed by Intune.
Source: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access