Click here to close now.

Welcome!

Mobile IoT Authors: Elizabeth White, Pat Romanski, Sebastian Bos, Ian Khan, Kevin Benedict

Related Topics: Microsoft Cloud, Mobile IoT, Microservices Expo, Containers Expo Blog, Silverlight, Agile Computing

Microsoft Cloud: Blog Post

Why Windows Server 2012 R2: Step-by-Step Workplace Join

Bringing Peace of Mind for BYOD

In Kevin Remde's post this week he talked about many new features for Windows Server 2012 R2 Active directory.  You can find his great post here: What’s New for Active Directory in Server 2012 R2.  One of the new functionalities he mentioned was Workplace Join.  Workplace join allows you to deal with the explosion of devices (Windows and Non-Windows (like iOS) connecting to your organization.  This has you constantly trying to maintain your organizations compliance and security.  Especially with users located all around the world across multiple platforms and devices this is a challenge.

imageIf this sounds like you currently or is soon going to be you then you will want to check out Workplace join.  Workplace join allows users to register devices (including IOS) for single sign-on and access to corporate data.  In today’s article I am going to take a look at how to set this feature up step by step.

This feature does require Windows Server 2012 R2, and you will need to configure Active Directory and Active Directory Federation Services to make this work.  Additionally you will need to create an Enterprise Certificate Authority for the certificates you will need for this service to work properly.  Overall the process is straight forward, but you will need to make sure you dot all your I’s and cross your T’s.  For my environment, I created 4 separate virtual machines to test this out.  I created an AD DC, AD FS server, a Web Server (for testing) and a Windows 8,1 client.  The full configuration and the test application for this configuration can be found here, it is an excellent article: Set up the lab environment for AD FS in Windows Server 2012 R2

Configure the Domain Controller
On the DC you will need to make a Globally Managed Service Account (GMSA).  The GMSA account is required during the AD FS installation and configuration.

  1. Open a PowerShell command window and type:
    Add-KdsRootKey –EffectiveTime (Get-Date).AddHours(-10)

    New-ADServiceAccount FsGmsa -DNSHostName adfs1.contoso.com -ServicePrincipalNames http/adfs1.contoso.com

Note:  This command is for a domain name contoso.com and if your ADFS server is named adfs1.

Configure Your Certificate
When you configure your domain controller you will also want to add and configure the certificate authority services.  Here is a great article for this process here: Configure SSL/TLS  on a Web site in the domain with an Enterprise CA.  However, when you create the certificate you will want to allow for…Also check John’s video out below for a little more detail on how the certificates work.  This is also something you want to make sure you follow closely.

cert

Configure Active Directory Federation Services
On the AD FS server you will need to enroll the certificate from the article above on configuring your Enterprise CA.  When you bring the cert in you will want to make sure you configure it with the follow attributes

  • Subject Name (CN): adfs1.contoso.com
  • Subject Alternative Name (DNS): adfs1.contoso.com
  • Subject Alternative Name (DNS): enterpriseregistration.contoso.com

After you have configure your certificate you need to add the ADFS role

  1. Log onto the server using the domain administrator account ([email protected]).
  2. Open Server Manager. To do this, click Server Manager on the Start screen, or Server Manager in the taskbar on the desktop. In the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features. Alternatively, you can click Add Roles and Features on the Manage menu.
  3. On the Before you begin page, click Next.
  4. On the Select installation type page, click Role-based or feature-based installation, and click Next.
  5. On the Select destination server page, click Select a server from the server pool, verify that the target computer is highlighted, and then click Next.
  6. On the Select server roles page, click Active Directory Federation Services, and then click Next.
  7. On the Select features page, click Next.
  8. On the Active Directory Federation Service (AD FS) page, click Next.
  9. After you verify the information on the Confirm installation selections page, select the Restart the destination server automatically if required check box, and then click Install.
  10. On the Installation progress page, verify that everything installed correctly, and then click Close.

After the role is installed you will need to configure the service.  On the Server Manager Dashboard page, click the Notifications flag, and then click Configure the federation service on the server This is for a domain name confoso,com and an ADFS server named adfs1.

  1. The Active Directory Federation Service Configuration Wizard is launched.1.On the Welcome page, select Create the first federation server in a federation server farm and click Next.
  2. On the Connect to AD DS page, specify an account with domain administrator permissions for the contoso.com AD domain that this computer is joined to and then click Next.
  3. On the Specify Service Properties page, do the following and then click Next:
    • Import the SSL certificate that you have obtained earlier. This is the required service authentication certificate. Browse to the location of your SSL certificate.
    • Provide a name for your federation service, type adfs1.contoso.com. This is the same value you provided when enrolling an SSL certificated in AD CS.
    • Provide a display name for your federation service, type, Contoso Corporation.
  4. On the Specify Service Account page, select Use an existing domain user account or group Managed Service Account and then specify the GMSA account (fsgmsa) you created when setting up the domain controller.
  5. On the Specify Configuration Database page, select Create a database on this server using Windows Internal Database and then click Next.
  6. On the Review Options page, verify your configuration selections and click Next.
  7. On the Pre-requisite Checks page, verify that all pre-requisite checks were successfully completed, and then click Configure.
  8. On the Results page, review the results and whether the configuration has completed successfully, and then click Next steps required for completing your federation service deployment.

You will also need to run some PowerShell commands and configurations to finish the ADFS configuration.  In a PowerShell command window run the following commands:

Initialize-ADDeviceRegistration

When prompted for a service account, type contoso\fsgmsa$ (Or whatever account you created)

Enable-AdfsDeviceRegistration

device

NEXT STEP IMPORTANT: After you have run the PowerShell command on your ADFS server open the AD FS Management console.  Navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the checkbox next to Enable Device Authentication and then click OK.

Lastly, you will need to make sure you have the following DNS records for the Device Registration Services.

Entry

Type

Address

adfs1

A

IP address of the AD FS server

enterpriseregistration

Alias (CNAME)

adfs1.contoso.com

You can use the following procedure to add a host (A) resource records to corporate DNS for federation server and the device registration service.

  1. On DC1, from Server Manager, from the Tools menu, click DNS to open the DNS snap-in.
  2. In the console tree, expand DC1, expand Forward Lookup Zones, right-click contoso.com, and then click New Host (A or AAAA).
  3. In Name, type the name you will use for your AD FS farm, for this walkthrough, type adfs1.
  4. In IP address, type the IP address of the ADFS1 server. Click Add Host.
  5. Right-click contoso.com, and then click New Alias (CNAME).
  6. In the New Resource Record dialog box, type enterpriseregistration in the Alias name box.
  7. In the Fully Qualified Domain Name (FQDN) of the target host box, type adfs1.contoso.com and click OK.

Configure Windows Client

  1. Log on to your Windows 8 Client with your Microsoft account.
  2. On the Start screen, open the Charms bar and then select the Settings charm. Select Change PC Settings.
  3. On the PC Settings page, select Network and then click Workplace.
  4. In the Enter your UserID to get workplace access or turn on device management box, type <login name>@<domain.com> and then click Join.
  5. When prompted for credentials, type your domain credentials and Click OK.
  6. You should now see the message: This device has joined your workplace network.

If you want to learn how to set this up for your iOS devices check out this article: Walkthrough Guide- Workplace Join with an iOS Device

As you can see there a lot of moving parts to get this in working, and from my experience you want to make sure you get the certificates correct or you will be troubleshooting into the late evening.  Smile

If you want to see this in action, check out this great video by John Savill:

For the full list in the series:  Windows Server 2012 R2 Launch Blog Series Index #WhyWin2012R2

More Stories By Matt Hester

Matt Hester is a Senior Information Technology Professional Evangelist for Microsoft. Matt has been involved in the IT Pro community for over 20 years. Matt is a skilled and experienced evangelist presenting to audiences nationally and internationally. Prior to joining Microsoft Matt was a highly successful Microsoft Certified Trainer for over 8 years. After joining Microsoft, Matt has continued to be heavily involved in IT Pro community as an IT Pro Evangelist. In his role at Microsoft Matt has presented to audiences in excess of 5000 and as small as 10. Matt has written 4 articles for TechNet magazine. In addition Matt has published 3 books:

You can contact Matt off his blog at http://aka.ms/matthester

@ThingsExpo Stories
The enterprise market will drive IoT device adoption over the next five years. In his session at @ThingsExpo, John Greenough, an analyst at BI Intelligence, division of Business Insider, analyzed how companies will adopt IoT products and the associated cost of adopting those products. John Greenough is the lead analyst covering the Internet of Things for BI Intelligence- Business Insider’s paid research service. Numerous IoT companies have cited his analysis of the IoT. Prior to joining BI Intelligence, he worked analyzing bank technology for Corporate Insight and The Clearing House Payment...
"ciqada is a combined platform of hardware modules and server products that lets people take their existing devices or new devices and lets them be accessible over the Internet for their users," noted Geoff Engelstein of ciqada, a division of Mars International, in this SYS-CON.tv interview at @ThingsExpo, held June 9-11, 2015, at the Javits Center in New York City.
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company helps mid-market firms built on IBM hardware platforms to deploy new levels of reliable and cost-effective computing and high availability solutions, leveraging the cloud and the benefits of Infrastructure-as-a-Service (IaaS...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the cloud and the best price/performance value available. ProfitBricks was named one of the coolest Clo...
"In the IoT space we are helping customers, mostly enterprises and industry verticals where time-to-value is critical, and we help them with the ability to do faster insights and actions using our platform so they can transform their business operations," explained Venkat Eswara, VP of Marketing at Vitria, in this SYS-CON.tv interview at @ThingsExpo, held June 9-11, 2015, at the Javits Center in New York City.
SYS-CON Events announced today that WHOA.com, an ISO 27001 Certified secure cloud computing company, participated as “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which took place June 9-11, 2015, at the Javits Center in New York City, NY. WHOA.com is a leader in next-generation, ISO 27001 Certified secure cloud solutions. WHOA.com offers a comprehensive portfolio of best-in-class cloud services for business including Infrastructure as a Service (IaaS), Secure Cloud Desktop, Cloud Storage, Disaster Recovery, Integrated Applications and Security.
SYS-CON Events announced today that Intelligent Systems Services will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-critical systems. ISS has completed many successful projects in Healthcare, Commercial, Manu...
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of profound change in the industry.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
SYS-CON Events announced today that kintone has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. kintone promotes cloud-based workgroup productivity, transparency and profitability with a seamless collaboration space, build your own business application (BYOA) platform, and workflow automation system.
SYS-CON Events announced today that SoftLayer, an IBM company, has been named “Gold Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place November 3–5, 2015 at the Santa Clara Convention Center in Santa Clara, CA. SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer’s modular architecture, full-featured API, and sophisticated automation pro...
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affect their organization.
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
SYS-CON Events announced today that CommVault has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. A singular vision – a belief in a better way to address current and future data management needs – guides CommVault in the development of Singular Information Management® solutions for high-performance data protection, universal availability and simplified management of data on complex storage networks. CommVault's exclusive single-platform architecture gives companies unp...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fillin...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is corr...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, discussed how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust IoT ...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context wi...