The course focuses on implementation scenarios, including practice in the newest technologies and solutions delivered with Windows Server 2012 R2. When the world becomes more focused on solving ‘Bring Your Own Device’ issues, it is time to become more up to date with the newest technology capabilities: Active Directory Federation Services and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Prerequisites
To attend this training you should have good hands-on experience in administering Windows infrastructure.
To attend this training you should have good hands-on experience in administering Windows infrastructure.
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
At the end of the course you will be able to:
- Design AD Federation Services infrastructure and identify the implementation requirements
- Deploy AD Federation Services to provide claims-aware authentication in a single organization
- Implement AD Federation Services high availability
- Deploy Web Application Proxy (previous: AD Federation server proxy) to securely publish web applications
- Deploy Device Registration Service to enable control of user devices
- Deploy Claims-enabled ACLs on File Servers
Day 1
Module 1
- Introduction
- What are Claims
- Dynamic Access Control
- LAB: Dynamic Access Control in 2016
- LAB (optional): DAC and Groups
Module 2
- What are current authentication mechanism in use
- LAB: Working with SPN
- Services Accounts – threats and gMS
- LAB: Enabling gMSA creation
- LAB (optional): Service credentials recovery (Windows)
- LAB (optional): IIS app pool password recovery
- PKI: Quick Overview of certification services – internal and 3rd party
- LAB: Requesting certificates
- LAB: Installing ADFS
Day 2
Module 3
- Designing Modern Authentication
- ADFS Overview
- LAB (optional/demo): Installing ADFS Cluster
Module 4
- Working with ADFS – enable applications
- LAB: Install Simple Claims applications
- LAB (optional): Verify application config
- ADFS Basics – Rules and Rule flow
- LAB: Configuring Issuing rules
Module 5
- Thick applications, and working with multiple Relaying Parties
- LAB: Configuring Dynamics CRM
- LAB: Testing with Outlook
- LAB (optional): Testing with Windows 10
- Attribute Stores
- LAB: Configuring application Store
- LAB: Configuring authorization rules
- LAB (optional): Using groups in authorization rules
Day 3
Module 6
- Web Application Proxy
- LAB: Installing WAP
- LAB: Configuring ADFS publishing
- LAB: Configuring Claims-aware application
- LAB (optional): Configure via application
- LAB (optional): Configure pass-through application
Module 7
- Customizing ADFS
- LAB: ADFS Customization
- Troubleshooting ADFS
- LAB: ADFS Troubleshooting
- Working with MFA
Module 8
- Enabling Device Registration Service
- LAB: Enabling Device Registration Service and working with claims
- Summary and review
- Exchange and claims (additional content)
- SharePoint and claims (additional content)
- Work Folders (additional content)