Administering and Configuring Active Directory Federation Services and Claims Training

The course focuses on implementation scenarios, including practice in the newest technologies and solutions delivered with Windows Server 2012 R2. When the world becomes more focused on solving ‘Bring Your Own Device’ issues, it is time to become more up to date with the newest technology capabilities: Active Directory Federation Services and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.

To attend this training you should have good hands-on experience in administering Windows infrastructure.

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

At the end of the course you will be able to:

Design AD Federation Services infrastructure and identify the implementation requirements
Deploy AD Federation Services to provide claims-aware authentication in a single organization
Implement AD Federation Services high availability
Deploy Web Application Proxy (previous: AD Federation server proxy) to securely publish web applications
Deploy Device Registration Service to enable control of user devices
Deploy Claims-enabled ACLs on File Servers

Day 1

Module 1

Introduction
What are Claims
Dynamic Access Control
LAB: Dynamic Access Control in 2016
LAB (optional): DAC and Groups

Module 2

What are current authentication mechanism in use
LAB: Working with SPN
Services Accounts – threats and gMS
LAB: Enabling gMSA creation
LAB (optional): Service credentials recovery (Windows)
LAB (optional): IIS app pool password recovery
PKI: Quick Overview of certification services – internal and 3rd party
LAB: Requesting certificates
LAB: Installing ADFS

Day 2

Module 3

Designing Modern Authentication
ADFS Overview
LAB (optional/demo): Installing ADFS Cluster

Module 4

Working with ADFS – enable applications
LAB: Install Simple Claims applications
LAB (optional): Verify application config
ADFS Basics – Rules and Rule flow
LAB: Configuring Issuing rules

Module 5

Thick applications, and working with multiple Relaying Parties
LAB: Configuring Dynamics CRM
LAB: Testing with Outlook
LAB (optional): Testing with Windows 10
Attribute Stores
LAB: Configuring application Store
LAB: Configuring authorization rules
LAB (optional): Using groups in authorization rules

Day 3

Module 6

Web Application Proxy
LAB: Installing WAP
LAB: Configuring ADFS publishing
LAB: Configuring Claims-aware application
LAB (optional): Configure via application
LAB (optional): Configure pass-through application

Module 7

Customizing ADFS
LAB: ADFS Customization
Troubleshooting ADFS
LAB: ADFS Troubleshooting
Working with MFA

Module 8

Enabling Device Registration Service
LAB: Enabling Device Registration Service and working with claims
Summary and review
Exchange and claims (additional content)
SharePoint and claims (additional content)
Work Folders (additional content)

Upcoming Trainings

Join our public courses in our Istanbul, London and Ankara facilities. Private class trainings will be organized at the location of your preference, according to your schedule.