ADFS - Multi Factor Authentication using Azure MFA and Certificate Authentication | 2023

Science and Technology

ADFS - Multifactor Authentication
Certificate Authentication
Azure MFA with ADFS
These are the topics covered in this video.
The video linked below demonstrates how you can implement MFA with Azure MFA Server:
• Multi Factor Authentic...
Commands that you must run to register Azure MFA as an authentication provider:
====================================================================
# Create a certificate on the AD FS server for Azure MFA to use with this tenant
$cert = New-AdfsAzureMfaTenantCertificate -TenantId mcasmip.onmicrosoft.com
====================================================================
# Add that certificate as a credential on the Azure MFA client service principal
New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $cert
====================================================================
# Configure the AD FS farm to use the tenant and client ID
Set-AdfsAzureMfaTenant -TenantId mcasmip.onmicrosoft.com -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720
docs.microsoft.com/en-us/wind...
Regards,
ConceptsWork
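
A post-registration check for the three commands above, as an added example that is not part of the video or its description: it reports the tenant certificate's expiry, the credentials on the service principal, and where the AD FS policy uses the provider. The tenant name is a placeholder, and matching the certificate by tenant ID in its subject is an assumption.

```powershell
# Added example, not from the video. Run in an elevated session on an AD FS server
# after the registration commands; assumes Connect-MsolService has already been run.
$TenantId     = 'contoso.onmicrosoft.com'               # placeholder tenant
$MfaClientId  = '981f26a1-7f43-403b-a875-f8b09b8cd720'  # AppPrincipalId / ClientId used on the page
$ProviderName = 'AzureMfaAuthentication'                # AD FS name of the Azure MFA provider
$now          = Get-Date

# 1. Tenant certificate in the machine store.
#    Assumption: its subject contains the tenant ID.
$mfaCerts = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$TenantId*" })
if ($mfaCerts.Count -eq 0) {
    Write-Warning "No certificate with '$TenantId' in its subject in LocalMachine\My"
}
$mfaCerts | ForEach-Object {
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        HasPrivateKey = $_.HasPrivateKey
        NotAfter      = $_.NotAfter
        DaysLeft      = [int]($_.NotAfter - $now).TotalDays
    }
} | Format-Table -AutoSize

# 2. Credentials held by the service principal; compare EndDate with NotAfter above.
Get-MsolServicePrincipalCredential -AppPrincipalId $MfaClientId -ReturnKeyValues $false |
    Select-Object KeyId, Type, Usage, StartDate, EndDate |
    Format-Table -AutoSize

# 3. Whether the provider is listed, and where the global policy actually uses it.
$policy = Get-AdfsGlobalAuthenticationPolicy
$listed = @(Get-AdfsAuthenticationProvider | Where-Object { $_.Name -eq $ProviderName })
[pscustomobject]@{
    Listed          = $listed.Count -gt 0
    PrimaryIntranet = $policy.PrimaryIntranetAuthenticationProvider -contains $ProviderName
    PrimaryExtranet = $policy.PrimaryExtranetAuthenticationProvider -contains $ProviderName
    Additional      = $policy.AdditionalAuthenticationProvider -contains $ProviderName
} | Format-List
```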

Comments: 63

  • @kvaabsinternational6674
    4 years ago

    Nice Video dear! Thank you very much.

  • @prabaselvam
    3 years ago

    Your videos are very useful to know the ADFS and one more thing can u upload the video about single sign on in adfs with GSuite

  • @sukhbirbhatti8559
    4 years ago

    Nice Video! Thanks

  • @ronirohr03
    2 years ago

    Can the p$ commands be run w/o selecting Azure MFA from the GUI in ADFS? I'll be migrating from RSA to Azure MFA and was hoping not to have an operational impact with our current MFA policies for internet-facing clients.

  • @sunny007r
    2 years ago

    Do we have to create a user certificate in ADCS from a template, or can we get it automatically?

  • @rdiesel84
    3 years ago

    Can Azure cloud MFA be used with ADFS as identity profile by making use of an enterprise application and setting conditional access?

  • @AmitKumar-mu4qw
    4 years ago

    Can I have Forms-Based and Windows-Based Authentication for Intranet? If yes, then what will be the user experience while they log in?

  • @RaviGupta-rr9rj
    2 years ago

    What's the role of the token encryption certificate here? I understand that this certificate is needed if you have ADFS as claim provider; then the token which is sent by the account partner claim provider trust is encrypted by the private key of the token encryption cert, and using the public key of the same cert it is decrypted by the other ADFS before sending it to the application.

  • @rahul8071
    4 years ago

    Hi, what checks are done on the Client Authentication certificate here? Does it only check the EKU for 'Client Authentication' and grant access, or does it also do other checks as well, like UPN, Issuer and others?

  • @ConceptsWork
    4 years ago

    All the properties are verified; this is a user cert. Issuer as well as UPN embedded in SAN value is verified.
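
To look at the fields this exchange mentions (the Client Authentication EKU, the issuer, and the UPN in the SAN) on an enrolled user certificate, the following is an added example, not code from the video or from ConceptsWork. It only reads the current user's certificate store; the SAN text match assumes the English-language rendering of the extension.

```powershell
# Added example: summarise user certificates as candidates for client authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name
$now           = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # EKU extension, if present. A certificate without one is not limited to listed usages.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # UPN carried as an "Other Name" entry in the SAN (assumes English formatting).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $upn = $null
    if ($sanExt -and $sanExt.Format($false) -match 'Principal Name=([^,\s]+)') {
        $upn = $Matches[1]
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        UpnInSan      = $upn
        ClientAuthEku = ($ekuOids -contains $clientAuthOid)
        NoEkuExt      = ($null -eq $ekuExt)
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        ChainBuilds   = $cert.Verify()   # default chain policy on this machine
    }
} | Format-List
```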

  • @karanchomal3520
    7 months ago

    How can we configure multifactor authentication with ADFS and Exchange Server 2016 (OWA)?

  • @DailyLearnings1
    5 years ago

    Super cool. I just skipped a few videos in the series due to time constraints, hence asking this quick question: could you please confirm whether the ADCS certificate pushing role is installed on the server? If yes, is it a separate server or is it on the same ADFS server? I'm sorry if my question is unclear, since I'm a beginner with MCSE concepts.

  • @ConceptsWork
    5 years ago

    Thanks Shafiq for your response. In my lab, I have used different servers for ADFS and ADCS respectively. Then I have manually requested a user certificate from client machine. Once the certificate was enrolled on client machine, I tried authenticating again and it was working as expected. Regards, Rishabh

  • @DailyLearnings1
    5 years ago

    @ConceptsWork thanks so much for the prompt response. I'll soon be building a lab around this and would like to do something similar. Following is the list of components I'll be including; kindly review and suggest accordingly: 1. AD 2. ADCS 3. ADFS 4. PUBLIC DOMAIN 5. O365 Thanks, Shafiq

  • @DailyLearnings1
    5 years ago

    Completely irrelevant: do you have any super document or article or video that can provide me hands-on or at least a deeper dive theoretically for RDS (CAL)?

  • @ConceptsWork
    5 years ago

    Yes, these are the basic components that you would require to begin with the lab.

  • @mcsebala6308
    4 years ago

    I have ADFS 2016, using certificate as MFA for all applications. I want to configure Azure MFA as second-factor authentication for a few ADFS applications. Is this possible in ADFS, enabling two different MFA methods? Certificate and Azure MFA.

  • @ConceptsWork
    4 years ago

    Please check this article - docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-authentication-policies

  • @ramkumargupta9628
    4 years ago

    Nice video. How is the certificate set up in the PKI back end for the user?

  • @ConceptsWork
    4 years ago

    I have used an internal CA, and the user certificate template was enabled for all the users.

  • @kundan0294
    4 years ago

    Hi, feedback is always positive... the more I watch your videos, the more questions arise in my mind... What did these 3 commands do? If we do not want to run the cmd, how can we do it manually... I am asking this because we should also be aware of how we can set this up without cmdlets.

  • @ConceptsWork
    4 years ago

    Good question! As of now this is only supported by powershell commands.

  • @aqibmunshi8362
    5 years ago

    Again a great video. Can u please explain more about the commands that you ran for Azure MFA, because I am having a few confusions with ClientId and stuff. Is there a video which explains the ClientID stuff? If not, can u create one? Also one more question regarding MFA using cert: can this be any cert issued to a user, or are there any certificate requirements?

  • @ConceptsWork
    5 years ago

    You can find more details regarding the client ID in the article mentioned below: docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa Regarding the certificate: it must be a user certificate; in my case I have requested a user certificate from the internal CA.

  • @aqibmunshi8362
    5 years ago

    @ConceptsWork Thanks for the response bro, you are awesome. Just wanted to know if there is a possibility you will be creating a video of a case in which an application uses Azure as an IdP for authentication. #EagerlyWaiting

  • @ConceptsWork
    5 years ago

    Hello Aqib, I have created a playlist which has 3 videos and covers the entire consent framework. kzread.info/dash/bejne/fJV3x4-NZdXchps.html Please watch this, if still there is any query which remains unanswered, let me know your requirement. Regards, ConceptsWork

  • @sahanagj4792
    3 years ago

    Please make a video on SSO

  • @azartheen428
    4 years ago

    Great video!!! But how do I install a custom MFA in Windows Server 2016... I finished installing it in Server 2012 R2, but the same process is not working in Server 2016... Do I need to add any other relay party trust??? Or give me the best suggestion.

  • @ConceptsWork
    4 years ago

    Windows 2016 comes by default with Azure MFA adapter. docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa

  • @azartheen428
    4 years ago

    @ConceptsWork I don't need the Azure MFA adapter. I have completely built my own MFA; it will work perfectly on a 2012 R2 server but not on 2016... That is what I am asking: is there a need to add a relay party on ADFS 4.0?

  • @mhalton
    3 years ago

    2:54 The variable name $cert at the beginning of line 3 is different from the variable name $certBase64 at the end of line 4.

  • @ConceptsWork
    3 years ago

    Thanks for finding.

  • @TheMazariExperience
    6 months ago

    Service principal was not found. Please let me know the solution

  • @hamzehsmadi822
    4 years ago

    The certificate authentication will work with a domain-joined computer (and domain users), but what is the solution (with certificate authentication) if you want to access any application from outside (you will use a non-domain-joined PC and a non-authenticated user)? And the same scenario if I am using a tablet or iPad or mobile?

  • @ConceptsWork
    4 years ago

    In the use case I have covered, the machine has to be domain joined, as it is a user cert which is requested. Also, please find the article mentioned below - blogs.technet.microsoft.com/askds/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates/

  • @raviricky20
    4 years ago

    Great stuff. For Azure MFA we need users to be synced to Azure AD; by default admin accounts do not get synced. If we enable Azure MFA for the users connecting from internet/extranet, how do we keep admins from being prompted for Az MFA? Or do we have to sync our admins as well to Azure using AD Connect so they can register for MFA too?

  • @ConceptsWork
    4 years ago

    Azure MFA is only supported for the accounts that are synced to Azure Active Directory.

  • @raviricky20
    4 years ago

    @ConceptsWork agree, then what about the admin accounts? I think we need to apply conditions to keep admins out of the groups Azure MFA is applied to.

  • @ConceptsWork
    4 years ago

    Yes, for all the user accounts for which MFA has to be enabled, we have to sync them to Azure AD.

  • @kundan0294
    4 years ago

    Hi, where can we find the AppPrincipalId and client ID which are mentioned in the script?

  • @ConceptsWork
    4 years ago

    The AppPrincipalID will remain the same.

  • @DailyLearnings1
    5 years ago

    I've got one more doubt: is the AD connector tool required in this for sync of users from AD to Azure?

  • @ConceptsWork
    5 years ago

    Yes, the on-prem identities must be synced to AAD.

  • @krishnaprakashratnapalli9606
    2 years ago

    @ConceptsWork: is this possible with password hash sync, or only with a federated domain?

  • @RaviGupta-rr9rj
    2 years ago

    @krishnaprakashratnapalli9606 for PHS, ADFS will not be in the picture.

  • @rathu88
    4 years ago

    How to authenticate mobile apps (Xamarin) using ADFS? Do we have any framework, or do we just need to load the (domain.com/adfs/ls) URL in the browser and do the validation?

  • @ConceptsWork
    4 years ago

    If your app uses OAuth or OpenID, you can integrate MSAL with your app - docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-xamarin-android-considerations and then integrate MSAL with ADFS 2019 - github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/ADFS-support OR you can also use the adfs/ls endpoint, if your app uses WS-Fed or SAML.

  • @rathu88
    4 years ago

    @ConceptsWork First of all, thanks for your quick response. As suggested, I used the Microsoft.Identity.Client NuGet package and integrated everything in my Xamarin.Forms app. My only question is where to get the SIGNATURE_HASH from AD FS, so that I can use the same in the Android manifest file.

  • @ConceptsWork
    4 years ago

    Check the discovery key link for your adfs. Below mentioned is an example, just replace with your domain name. sts.conceptswork.com/adfs/discovery/keys

  • @ConceptsWork
    4 years ago

    Also, if you are facing issues in validating the token, reach me at learnconceptswork@gmail.com

  • @rathu88
    4 years ago

    @ConceptsWork I have emailed you my queries.

  • @chandaniel4985
    11 months ago

    How about 2nd ADFS, it can't work with Azure MFA.

  • @ConceptsWork
    11 months ago

    When you say 2nd ADFS, what do you mean by that?

  • @MohamedABahloul
    2 years ago

    Is it possible to implement Azure MFA on-prem?

  • @ConceptsWork
    2 years ago

    For on-prem applications, you can use ADFS and then ADFS can initiate MFA (2016 or above)

  • @MohamedABahloul
    2 years ago

    @ConceptsWork thanks 🎖️
