AD FS Operations
Important
Instead of upgrading to the latest version of AD FS, Microsoft highly recommends migrating to Microsoft Entra ID. For more information, see Resources for decommissioning AD FS.
This document lists all of the operations documentation for AD FS.
Service Configuration
- Update SSL Certificates in AD FS and WAP 2016
- AD FS Rapid Restore Tool
- Configure alternate hostname binding for certificate authentication in AD FS
- Add an Attribute Store
- Customize HTTP security response headers with AD FS 2019
- Delegate AD FS PowerShell Commandlet Access to Non-Admin Users
- Fine tune SQL and address latency
- AlwaysOn Availability Groups
- What is KDFv2?
Authentication Configuration
Strong Authentication (MFA) & Password-less
- Configure External Authentication providers as primary in AD FS (2019 or later)
- Configure AD FS (2016 or later) and Azure MFA
- Configure Additional Authentication Methods for AD FS
Lockout protection
- Configure AD FS Extranet Soft Lockout Protection
- Configure AD FS Extranet Smart Lockout Protection
- Configure AD FS Extranet Banned IPs
Policy Configuration
- Configure Authentication Policies
- Configuring Alternate Login ID
- Configure Microsoft Entra prompt login behavior to work with AD FS policy
Kerberos & Certificate authentication
- Enable AD DS claims & Kerberos compound authentication in AD FS
- Configure AD FS for User Certificate Authentication
- Configure alternate hostname binding for certificate authentication in AD FS
Device
Authorization Configuration
RPT & CPT configuration
- Configure AD FS to authenticate users stored in LDAP directories
- Configure Claim Rules
- Create a Claims Provider Trust
- Create a Non-Claims Aware Relying Party Trust
- Create a Relying Party Trust
- Configure AD FS to work with Aggregated federation provider (e.g. InCommon)
Sign-in Experience Configuration
- Configure AD FS 2016 Single Sign On Settings
- Configure AD FS Paginated sign-in
- Configure AD FS user sign-in customization
- Configure AD FS to Send Password Expiry Claims
- Configure intranet forms-based authentication for devices that do not support WIA
Other
- Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications
- Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
- Manage Risk with Conditional Access Control
- Set up an AD FS lab environment
- Walkthrough Guide: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
- Walkthrough Guide: Manage Risk with Conditional Access Control
- Walkthrough: Workplace Join with a Windows Device
- Walkthrough: Workplace Join with an iOS Device