Your company has an Office 365 subscription that is configured for single sign-on (SSO) to an on-premises deployment of Active Directory.
After a security breach, management at the company decides that only clients from the internal corporate network can be authenticated by using Active Directory Federation Services (AD FS).
You need to configure AD FS to prevent external clients from being authenticated by using AD FS.
What should you add in AD FS? or deny claims that will determine whether a user or a group of users will be allowed to access AD FS-secured resources or not. Authorization rules can only be set on relying party trusts. So you need to add a relying party trust to AD FS. conditional-access-control
A.
a claims provider trust
B.
a relying party trust
C.
a claim rule
D.
a non-claims-aware relying party trust
Explanation:
Access control in AD FS is implemented with issuance authorization claim rules that are used to issue a permit
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-risk-with-
Answer should be C) Claim rule.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-risk-with-conditional-access-control
1
0
Answer should be C) Claim rule.
1
0
We never touch the Relaying party Trust for scope of authentication, we have to instruct the Relaying Party Trust to send correct claims (Claim Rules) to the Relaying party(Azure AD)
Answer is C
It does not make sense at all to modify the trust in that level,
However there is one option that is missing here which is ADFS global configuration that we can uncheck external requests,
2
0