3 dages virtuelt kursus

Virtual Masterclass: Administering and Configuring Active Directory Federation Services and Claims

Active Directory Federation Services og Claims workshop er den bedste måde at lære at implementere den mest forretningsorienterede serverrolle. Kurset har fokus på implementeringsscenarier, herunder praksis i de nyeste teknologier og løsninger, som leveres med Windows Server 2019. Undervisningen foregår på engelsk.



Alle arrangementer på Teknologisk Institut bliver evalueret af deltagerne. Stjernerne angiver deltagernes gennemsnitlige tilfredshed.

Evalueringen er baseret på: 15 besvarelser

Form virtual delivery

Before you participate on a virtual course, we always try to arrange a 15-20 minute test session with the participants a week before to make sure that everyone is capable to attend the Masterclass. Below you will find the technical requirements for connecting to the virtual training:
  • A computer with a stable internet connection (preferably Windows or Mac OS)
  • Permissions for outgoing RDP connections to external servers (to our lab environment) – port 3389
  • A headset (headphones + microphone)
  • Webcam (built-in or plug-in)
  • Additional monitor will be helpful but it’s not required

Federated Identity and claims based applications are becoming more and more popular

They simplify the resource access both for your employees and business partners. When the world becomes more focused on solving ‘Bring Your Own Device’ issues, it is time to become more up to date with the newest technology capabilities: Active Directory Federation Services and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access and access policies. With these policies in place, you can control access based on users, devices, locations, and access times. Come and learn how to establish partnerships with your business parties, how to implement Single Sign On to access corporate resources, how to manage access to devices and how to implement capabilities to work from anywhere in the world!


Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


To attend this training, you should have good hands-on experience in administering Windows infrastructure.


  • Design AD Federation Services infrastructure and identify the implementation requirements
  • Deploy AD Federation Services to provide claims-aware authentication in a single organization
  • Implement AD Federation Services high availability
  • Deploy Web Application Proxy (previous: AD Federation server proxy) to securely publish web applications
  • Deploy Device Registration Service to enable control of user devices
  • Deploy Claims-enabled ACLs on File Servers


Module 1
  • Introduction
  • What are Claims
  • Dynamic Access Control
  • Lab (Dynamic Access Control in 2016)
  • Lab [Optional] (DAC and Groups)
Module 2
  • What are current authentication mechanism in use
  • LAB Working with SPN
  • Services Accounts – threats and gMS
  • Lab - Enabling gMSA Creation
  • Lab (Optional) – service credentials recovery (Windows)
  • Lab(Optional) – IIS app pool password recovery
  • PKI – Quick Overview of certification services – internal and 3rd party
  • LAB – requesting certificates
  • LAB: Installing ADFS
Module 3
  • Designing Modern Authentication
  • ADFS Overview
  • LAB (Optional/demo) – Installing ADFS Cluster
Module 4
  • Working with ADFS - enable applications
  • LAB - Install Simple Claims applications
  • LAB(Optional) – verify application config
  • ADFS Basics – Rules and Rule flow
  • Lab – Configuring Issuing rules
Module 5
  • Thick applications, and working with multiple Relaying Parties
  • LAB - Configuring Dynamics CRM
  • LAB - Testing with Outlook
  • LAB (Optional)
  • Attribute Stores
  • LAB – configuring application Store
  • LAB – configuring authorization rules
  • LAB (optional) – using groups in authorization rules
Module 6
  • Web Application Proxy
  • LAB – installing WAP
  • LAB – configuring ADFS publishing
  • LAB – configuring Claims-aware application
  • LAB (optional) – Configure via application
  • LAB (Optional) – configure pass-through application
Module 7
  • Customizing ADFS
  • LAB: ADFS Customization
  • Troubleshooting ADFS
  • LAB: ADFS Troubleshooting
  • Working with MFA
Module 8
  • Enabling Device Registration Service
  • LAB: Enabling Device Registration Service and working with claims
  • Summary and review
  • Exchange and claims (Additional content)
  • SharePoint and claims (Additional content)
  • WorkFolders (additional content)


All exercises are based on Windows Server 2019, Windows 10.


Exercises, presentation slides with notes.

Next step

Masterclass: Managing Active Directory Federation Services for Multiple Organization

CPE Point (Continuing professional education)

It will be possible to earn CPE points after completion this course.


Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 12-years’ experience in the field. He designs and implements solutions for Databases, Network & Management area, mainly for Microsoft platform for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. He is one of core Experts at CQURE and holds a PhD in Computer Science.

Har du faglige spørgsmål, så kontakt:
Andre kigger også på