Your network contains an Active Directory domain named contoso.com. The domain contains
servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active
Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single
Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
Enable the Device Registration Service in Active Directory.
B.
Publish the Device Registration Service by using a Web Application Proxy.
C.
Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D.
Install the Work Folders role service on Server2.
E.
Create and configure a sync share on Server2.
Explanation:
*Prepare your Active Directory forest to support devices
This is a one-time operation that you must run to prepare your Active Directory forest to support
devices.
To prepare the Active Directory forest
On your federation server, open a Windows PowerShell command window and type:
Initialize-ADDeviceRegistration
*Enable Device Registration Service on a federation server farm node
To enable Device Registration Service
1.On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
2.Repeat this step on each federation farm node in your AD FS farm.
A and C is correct. More info: https://technet.microsoft.com/en-us/library/dn486831.aspx
B is discounted because…
You do not need to publish the Device Registration Service to the Web Application Proxy. The Device Registration Service will be available through the Web Application Proxy once it is enabled on a federation server. You may need to complete this procedure to update the Web Application Proxy configuration if it was deployed prior to enabling the Device Registration Service.
0
0
On test
0
0