Administering and Configuring Active Directory Federation Services and Claims Training

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

At the end of the course you will be able to:

• Design AD Federation Services infrastructure and identify the implementation requirements
• Deploy AD Federation Services to provide claims-aware authentication in a single organization
• Implement AD Federation Services high availability
• Deploy Web Application Proxy (previous: AD Federation server proxy) to securely publish web applications
• Deploy Device Registration Service to enable control of user devices
• Deploy Claims-enabled ACLs on File Servers

Day 1

Module 1

• Introduction
• What are Claims
• Dynamic Access Control
• LAB: Dynamic Access Control in 2016
• LAB (optional): DAC and Groups

Module 2

• What are current authentication mechanism in use
• LAB: Working with SPN
• Services Accounts – threats and gMS
• LAB: Enabling gMSA creation
• LAB (optional): Service credentials recovery (Windows)
• LAB (optional): IIS app pool password recovery
• PKI: Quick Overview of certification services – internal and 3rd party
• LAB: Requesting certificates
• LAB: Installing ADFS

Day 2

Module 3

• Designing Modern Authentication
• ADFS Overview
• LAB (optional/demo): Installing ADFS Cluster

Module 4

• Working with ADFS – enable applications
• LAB: Install Simple Claims applications
• LAB (optional): Verify application config
• ADFS Basics – Rules and Rule flow
• LAB: Configuring Issuing rules

Module 5

• Thick applications, and working with multiple Relaying Parties
• LAB: Configuring Dynamics CRM
• LAB: Testing with Outlook
• LAB (optional): Testing with Windows 10
• Attribute Stores
• LAB: Configuring application Store
• LAB: Configuring authorization rules
• LAB (optional): Using groups in authorization rules

Day 3

Module 6

• Web Application Proxy
• LAB: Installing WAP
• LAB: Configuring ADFS publishing
• LAB: Configuring Claims-aware application
• LAB (optional): Configure via application
• LAB (optional): Configure pass-through application

Module 7

• Customizing ADFS
• LAB: ADFS Customization
• Troubleshooting ADFS
• LAB: ADFS Troubleshooting
• Working with MFA

Module 8

• Enabling Device Registration Service
• LAB: Enabling Device Registration Service and working with claims
• Summary and review
• Exchange and claims (additional content)
• SharePoint and claims (additional content)
• Work Folders (additional content)