次の方法で共有


7 Appendix B: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.

The following tables show the relationships between Microsoft product versions or supplemental software and the roles they perform.

Windows Client releases

Client role

Server role

Windows 7 operating system

Yes

No

Windows 8 operating system

Yes

No

Windows 8.1 operating system

Yes

No

Windows 10 operating system

Yes

No

Windows 11 operating system

Yes

No

Windows Server releases

Client role

Server role

Windows Server 2008 operating system

Yes

No

Windows Server 2008 R2 operating system

Yes

No

Windows Server 2012 operating system

Yes

No

Windows Server 2012 R2 operating system

Yes

Yes

Windows Server 2016 operating system

Yes

Yes

Windows Server operating system

Yes

Yes

Windows Server 2019 operating system

Yes

Yes

Windows Server 2022 operating system

Yes

Yes

Windows Server 2025 operating system

Yes

Yes

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 1.6:  Support for the OAuth 2.0 protocol in AD FS is available in Windows Server 2012 R2 and later.

<2> Section 1.6:  OAuth 2.0 clients running on Windows 8.1 and later implement these mandatory extensions by default.

OAuth 2.0 clients running on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 implement these mandatory extensions if [MSFT-WKPLJOIN] is installed. However, even with [MSFT-WKPLJOIN] installed, these products support only the resource and resource_params URI parameters.

<3> Section 2.2.2:  The prompt parameter is not supported on Windows Server 2012 R2 unless [MSKB-3172614] is installed. Even with [MSKB-3172614] installed, the "none" value for the parameter is not supported on Windows Server 2012 R2.

The prompt parameter is not supported on Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.

<4> Section 2.2.2:  Even though AD_FS_BEHAVIOR_LEVEL_2 is supported on Windows Server 2016, the amr_values parameter is ignored on Windows Server 2016 unless [MSKB-4022723] is applied.

<5> Section 2.2.2:  Even though AD_FS_BEHAVIOR_LEVEL_3 is supported on Windows Server 2016, the mfa_max_age parameter is supported on Windows Server 2016 only if [MSKB-4088889] is installed.

<6> Section 2.2.3: Even though AD_FS_BEHAVIOR_LEVEL_2 is supported on Windows Server 2016, the tbidv2 parameter is ignored on Windows Server 2016 unless [MSKB-4034658] is applied.

<7> Section 2.2.4: [RFC8628] is supported in Windows Server v1809 operating system and later and in Windows Server 2019 and later. It is also supported in Windows Server 2016 if [MSKB-4457127] is installed.

<8> Section 3.1: [RFC8628] is supported in Windows Server v1809 and later and in Windows Server 2019 and later. It is also supported in Windows Server 2016 if [MSKB-4457127] is installed.

<9> Section 3.2.1.1:  The following table shows what values ad_fs_behavior_level can be set to on applicable Windows Server releases.

Operating System

ad_fs_behavior_level values supported

Windows Server 2012 R2

AD_FS_BEHAVIOR_LEVEL_1

Windows Server 2016

AD_FS_BEHAVIOR_LEVEL_1,

AD_FS_BEHAVIOR_LEVEL_2,

AD_FS_BEHAVIOR_LEVEL_3

Windows Server operating system

AD_FS_BEHAVIOR_LEVEL_1,

AD_FS_BEHAVIOR_LEVEL_2,

AD_FS_BEHAVIOR_LEVEL_3

Windows Server 2019

AD_FS_BEHAVIOR_LEVEL_1,

AD_FS_BEHAVIOR_LEVEL_2,

AD_FS_BEHAVIOR_LEVEL_3,

AD_FS_BEHAVIOR_LEVEL_4

<10> Section 3.2.5: [IETFDRAFT-DEVICEFLOW-11] is supported in Windows Server v1809 and later and in Windows Server 2019 and later. It is also supported in Windows Server 2016 if [MSKB-4457127] is installed.

<11> Section 3.2.5: The device authorization endpoint is available in Windows Server v1809 and later and in Windows Server 2019 and later. It is also available in Windows Server 2016 if [MSKB-4457127] is installed.

<12> Section 3.2.5.2.1.3:  Windows implementations return an access token for the resource given in this request even if the provided refresh token is not a multi-resource refresh token.