The steps for implementing Workplace Join are fairly straightforward, but you’ll need three servers to set things up. Here’s a quick summary:

1. You need a domain controller running Windows Server 2012 R2.
2. You need to create a Group Managed Service Account (GMSA), which is basically a service account that can be used across a domain environment.
3. You need to obtain a server SSL certificate from a certificate authority (CA) and install it on a second server running Windows Server 2012 R2.
4. You need to install and configure the AD FS role on the second server.
5. You need to enable and configure the Device Registration Service on the second server.
6. You need to perform some additional tasks on your DNS server.
7. You need to install the IIS (Web Server) role and the Windows Identity Foundation feature on a third server running Windows Server 2012 R2.
8. You need to install the Windows Identity Foundation SDK on the third server.
9. You need to perform some additional steps involving IIS configuration and using the AD FS Management console.

Now you’re all ready to go. Let’s say a user wants to join his iPhone to your corporate network. Here’s all the user needs to do:

1. Install an SSL certificate on his phone by browsing to a website specified by your administrator.
2. Open Safari on his phone and navigate to a web page by opening a special URL on your corporate network.
3. Log on to the web page using his domain credentials.
4. Accept the prompt to install a profile on his phone.
5. Re-enter his PIN to unlock his phone.

That’s basically it, and you can find more detail concerning the above steps in the Microsoft TechNet articles listed in the “Learn more” section at the end of this chapter.
Multi-factor access control

The AD FS server role has been enhanced in Windows Server 2012 R2 to support multi-factor access control that includes user, device, location, and authentication data. The result is that organizations that use AD FS can now control access to network resources based on such things as:

  • User identity
  • Group membership
  • Network location
  • Whether the device is workplace-joined
  • Whether multi-factor authentication (MFA) has been performed

Access can be permitted or denied based on any of the above. Multi-factor access control provides organizations with greater flexibility in how they craft their authorization policies. A rich claims language is provided, and Windows PowerShell can be used for more advanced claims scenarios.

Other enhancements include:

  • A global authentication policy that can be applied to all applications and services that are secured by AD FS. The global policy can also be used to enable device authentication for seamless second-factor authentication.
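The following PowerShell is an added example, not code from the book: it shows how the claims language and the global authentication policy described above can combine to require MFA for one application whenever the device is not workplace-joined or the request comes from outside the corporate network. The relying party trust name `claimapp` is a placeholder, and the example assumes an additional authentication provider is already configured in AD FS.

```powershell
# Added example. Run in an elevated session on the AD FS server
# (Windows Server 2012 R2 with the AD FS role installed).
Import-Module ADFS

# Assumption: 'claimapp' is a placeholder for your relying party trust name.
$rpName = 'claimapp'

# Claim types AD FS evaluates for device, location and authentication method.
$isRegistered = 'http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser'
$insideNet    = 'http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork'
$authMethod   = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod'
$multiAuthn   = 'http://schemas.microsoft.com/claims/multipleauthn'

# Global policy: turn on device authentication so a workplace-joined
# device can act as the seamless second factor.
Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true

# Additional authentication rules, written in the AD FS claims language.
# Rule 1 uses NOT EXISTS so that a device presenting no device claims at all
# (never joined) is treated the same as one that is explicitly unregistered.
# Rule 2 triggers MFA for requests flagged as coming from outside the network.
$rules = @"
NOT EXISTS([Type == "$isRegistered", Value =~ "^(?i)true$"])
 => issue(Type = "$authMethod", Value = "$multiAuthn");

c:[Type == "$insideNet", Value =~ "^(?i)false$"]
 => issue(Type = "$authMethod", Value = "$multiAuthn");
"@

# Apply the rules to the single relying party rather than globally,
# so other applications keep their existing behaviour.
Set-AdfsRelyingPartyTrust -TargetName $rpName -AdditionalAuthenticationRules $rules

# Read the settings back to confirm what AD FS will actually enforce.
(Get-AdfsGlobalAuthenticationPolicy).DeviceAuthenticationEnabled
(Get-AdfsRelyingPartyTrust -Name $rpName).AdditionalAuthenticationRules
```

Reading the rules back after applying them is the quickest check that the here-string expanded the claim type URIs as intended.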