AD FS Operations

This document contains a list of all of the documentation operations for AD FS.

Service Configuration

• Update SSL Certificates in AD FS and WAP 2016
• AD FS Rapid Restore Tool
• Configure alternate hostname binding for certificate authentication in AD FS
• Add an Attribute Store
• Customize HTTP security response headers with AD FS 2019
• Delegate AD FS Powershell Commandlet Access to Non-Admin Users
• Fine tune SQL and address latency
• AlwaysOn Availability Groups
• What is KDFv2?

Authentication Configuration

Strong Authentication (MFA) & Password-less

• Configure External Authentication providers as primary in AD FS (2019 or later)
• Configure AD FS (2016 or later) and Azure MFA
• Configure Additional Authentication Methods for AD FS

Lockout protection

• Configure AD FS Extranet Soft Lockout Protection
• Configure AD FS Extranet Smart Lockout Protection
• Configure AD FS Extranet Banned IPs

Policy Configuration

• Configure Authentication Policies
• Configuring Alternate Login ID
• Configure Azure AD Prompt login behavior to work with AD FS policy

Kerberos & Certificate authentication

• Enable AD DS claims & kerberos compound authentication in AD FS
• Configure AD FS for User Certificate Authentication
• Configure alternate hostname binding for certificate authentication in AD FS

Device

• Device Authentication Controls in AD FS

Authorization Configuration

• Configure Access Control Policies in AD FS
• Configure Device-based Conditional Access on-Premises

RPT & CPT configuration

• Configure AD FS to authenticate users stored in LDAP directories
• Configure Claim Rules
• Create a Claims Provider Trust
• Create a Non-Claims Aware Relying Party Trust
• Create a Relying Party Trust
• Configure AD FS to work with Aggregated federation provider (e.g. InCommon)

Sign-in Experience Configuration

• Configure AD FS 2016 Single Sign On Settings
• Configure AD FS Paginated sign-in
• Configure AD FS user sign-in customization
• Configure AD FS to Send Password Expiry Claims
• Configure intranet forms-based authentication for devices that do not support WIA

Other

• Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications
• Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
• Manage Risk with Conditional Access Control
• Set up an AD FS lab environment
• Walkthrough Guide: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
• Walkthrough Guide: Manage Risk with Conditional Access Control
• Walkthrough: Workplace Join with a Windows Device
• Walkthrough: Workplace Join with an iOS Device