Microsoft 70-346 Exam

You need to configure AD FS to prevent external clients from being authenticated by using AD FS. What should you add in AD FS?

Your company has an Office 365 subscription that is configured for single sign-on (SSO) to an on-premises deployment of Active Directory.
After a security breach, management at the company decides that only clients from the internal corporate network can be authenticated by using Active Directory
Federation Services (AD FS).
You need to configure AD FS to prevent external clients from being authenticated by using AD FS.
What should you add in AD FS?

  • A. a claims provider trust
  • B. a relying party trust
  • C. a claim rule
  • D. a non-claims-aware relying party trust
Answer: Option B.
Explanation: 

Access control in AD FS is implemented with issuance authorization claim rules that are used to issue a permit or deny claims that will determine whether a user or a group of users will be allowed to access AD FS-secured resources or not. Authorization rules can only be set on relying party trusts. So you need to add a relying party trust to AD FS.
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-risk-with-conditional-access-control

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker
error: Alert: Content is protected !!