PrepAway - Latest Free Exam Questions & Answers

Which Windows PowerShell command should you run?

You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure
uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?

A.
Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

B.
Set-ADFSProperties -AddProxyAuthenticationRules None

C.
Set-ADFSProperties -SSOLifetime 1:00:00

D.
Set-ADFSProperties -ExtendedProtectionTokenCheck None

Explanation:
Certain client browser software, such as Firefox, Chrome, and Safari, does not support the Extended
Protection for Authentication capabilities that can be used across the Windows platform to protect
against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS
communications, AD FS 2.0 enforces (by default) that all communications use a channel binding
token (CBT).
Note: Disabling Extended Protection for Authentication
To disable the Extended Protection for Authentication feature in AD FS 2.0:
On a federation server, log in using the Administrator account, open the Windows PowerShell
command prompt, and then type the following command:
Set-ADFSProperties -ExtendedProtectionTokenCheck None
Repeat this step on each federation server in the farm.
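
The per-server procedure above, as an added example (not part of the original explanation or Microsoft's own script): it reports the current ExtendedProtectionTokenCheck value on each federation server and changes it only when run with -Apply, so the previous value is on record for a later revert. The server names, the -Apply switch and the use of PowerShell remoting are assumptions made for illustration.

```powershell
# Added example: server names below are constructed placeholders.
param(
    [string[]]$FederationServers = @('adfs01.example.test', 'adfs02.example.test'),
    [switch]$Apply   # without -Apply the script only reports the current value
)

$results = foreach ($server in $FederationServers) {
    try {
        Invoke-Command -ComputerName $server -ErrorAction Stop `
            -ArgumentList $Apply.IsPresent -ScriptBlock {
            param([bool]$Apply)

            # AD FS 2.1 (Windows Server 2012) ships the ADFS module;
            # AD FS 2.0 ships the Microsoft.Adfs.PowerShell snap-in instead.
            if (Get-Module -ListAvailable -Name ADFS) {
                Import-Module ADFS
            } else {
                Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
            }

            $before = (Get-ADFSProperties).ExtendedProtectionTokenCheck
            if ($Apply -and "$before" -ne 'None') {
                Set-ADFSProperties -ExtendedProtectionTokenCheck None -ErrorAction Stop
                # Assumption: restart the AD FS Windows service (adfssrv)
                # so the new setting is picked up.
                Restart-Service -Name adfssrv
            }

            New-Object PSObject -Property @{
                Server = $env:COMPUTERNAME
                Before = "$before"
                After  = "$((Get-ADFSProperties).ExtendedProtectionTokenCheck)"
                Error  = $null
            }
        }
    } catch {
        # Keep going so one unreachable or failing server does not hide the rest.
        New-Object PSObject -Property @{
            Server = $server; Before = $null; After = $null
            Error  = $_.Exception.Message
        }
    }
}

$results | Select-Object Server, Before, After, Error | Format-Table -AutoSize
```

Keep the Before column from the first run; it is the value to restore with Set-ADFSProperties if Extended Protection is re-enabled later.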

Configuring Advanced Options for AD FS 2.0
