Welcome!

Mobile IoT Authors: Rostyslav Demush, Liz McMillan, Elizabeth White, Kevin Benedict, Ed Featherston

Related Topics: Microsoft Cloud, Mobile IoT, Microservices Expo, Containers Expo Blog, Silverlight, Agile Computing

Microsoft Cloud: Blog Post

Why Windows Server 2012 R2: Step-by-Step Workplace Join

Bringing Peace of Mind for BYOD

In Kevin Remde's post this week he talked about many new features for Windows Server 2012 R2 Active directory.  You can find his great post here: What’s New for Active Directory in Server 2012 R2.  One of the new functionalities he mentioned was Workplace Join.  Workplace join allows you to deal with the explosion of devices (Windows and Non-Windows (like iOS) connecting to your organization.  This has you constantly trying to maintain your organizations compliance and security.  Especially with users located all around the world across multiple platforms and devices this is a challenge.

imageIf this sounds like you currently or is soon going to be you then you will want to check out Workplace join.  Workplace join allows users to register devices (including IOS) for single sign-on and access to corporate data.  In today’s article I am going to take a look at how to set this feature up step by step.

This feature does require Windows Server 2012 R2, and you will need to configure Active Directory and Active Directory Federation Services to make this work.  Additionally you will need to create an Enterprise Certificate Authority for the certificates you will need for this service to work properly.  Overall the process is straight forward, but you will need to make sure you dot all your I’s and cross your T’s.  For my environment, I created 4 separate virtual machines to test this out.  I created an AD DC, AD FS server, a Web Server (for testing) and a Windows 8,1 client.  The full configuration and the test application for this configuration can be found here, it is an excellent article: Set up the lab environment for AD FS in Windows Server 2012 R2

Configure the Domain Controller
On the DC you will need to make a Globally Managed Service Account (GMSA).  The GMSA account is required during the AD FS installation and configuration.

  1. Open a PowerShell command window and type:
    Add-KdsRootKey –EffectiveTime (Get-Date).AddHours(-10)

    New-ADServiceAccount FsGmsa -DNSHostName adfs1.contoso.com -ServicePrincipalNames http/adfs1.contoso.com

Note:  This command is for a domain name contoso.com and if your ADFS server is named adfs1.

Configure Your Certificate
When you configure your domain controller you will also want to add and configure the certificate authority services.  Here is a great article for this process here: Configure SSL/TLS  on a Web site in the domain with an Enterprise CA.  However, when you create the certificate you will want to allow for…Also check John’s video out below for a little more detail on how the certificates work.  This is also something you want to make sure you follow closely.

cert

Configure Active Directory Federation Services
On the AD FS server you will need to enroll the certificate from the article above on configuring your Enterprise CA.  When you bring the cert in you will want to make sure you configure it with the follow attributes

  • Subject Name (CN): adfs1.contoso.com
  • Subject Alternative Name (DNS): adfs1.contoso.com
  • Subject Alternative Name (DNS): enterpriseregistration.contoso.com

After you have configure your certificate you need to add the ADFS role

  1. Log onto the server using the domain administrator account ([email protected]).
  2. Open Server Manager. To do this, click Server Manager on the Start screen, or Server Manager in the taskbar on the desktop. In the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features. Alternatively, you can click Add Roles and Features on the Manage menu.
  3. On the Before you begin page, click Next.
  4. On the Select installation type page, click Role-based or feature-based installation, and click Next.
  5. On the Select destination server page, click Select a server from the server pool, verify that the target computer is highlighted, and then click Next.
  6. On the Select server roles page, click Active Directory Federation Services, and then click Next.
  7. On the Select features page, click Next.
  8. On the Active Directory Federation Service (AD FS) page, click Next.
  9. After you verify the information on the Confirm installation selections page, select the Restart the destination server automatically if required check box, and then click Install.
  10. On the Installation progress page, verify that everything installed correctly, and then click Close.

After the role is installed you will need to configure the service.  On the Server Manager Dashboard page, click the Notifications flag, and then click Configure the federation service on the server This is for a domain name confoso,com and an ADFS server named adfs1.

  1. The Active Directory Federation Service Configuration Wizard is launched.1.On the Welcome page, select Create the first federation server in a federation server farm and click Next.
  2. On the Connect to AD DS page, specify an account with domain administrator permissions for the contoso.com AD domain that this computer is joined to and then click Next.
  3. On the Specify Service Properties page, do the following and then click Next:
    • Import the SSL certificate that you have obtained earlier. This is the required service authentication certificate. Browse to the location of your SSL certificate.
    • Provide a name for your federation service, type adfs1.contoso.com. This is the same value you provided when enrolling an SSL certificated in AD CS.
    • Provide a display name for your federation service, type, Contoso Corporation.
  4. On the Specify Service Account page, select Use an existing domain user account or group Managed Service Account and then specify the GMSA account (fsgmsa) you created when setting up the domain controller.
  5. On the Specify Configuration Database page, select Create a database on this server using Windows Internal Database and then click Next.
  6. On the Review Options page, verify your configuration selections and click Next.
  7. On the Pre-requisite Checks page, verify that all pre-requisite checks were successfully completed, and then click Configure.
  8. On the Results page, review the results and whether the configuration has completed successfully, and then click Next steps required for completing your federation service deployment.

You will also need to run some PowerShell commands and configurations to finish the ADFS configuration.  In a PowerShell command window run the following commands:

Initialize-ADDeviceRegistration

When prompted for a service account, type contoso\fsgmsa$ (Or whatever account you created)

Enable-AdfsDeviceRegistration

device

NEXT STEP IMPORTANT: After you have run the PowerShell command on your ADFS server open the AD FS Management console.  Navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the checkbox next to Enable Device Authentication and then click OK.

Lastly, you will need to make sure you have the following DNS records for the Device Registration Services.

Entry

Type

Address

adfs1

A

IP address of the AD FS server

enterpriseregistration

Alias (CNAME)

adfs1.contoso.com

You can use the following procedure to add a host (A) resource records to corporate DNS for federation server and the device registration service.

  1. On DC1, from Server Manager, from the Tools menu, click DNS to open the DNS snap-in.
  2. In the console tree, expand DC1, expand Forward Lookup Zones, right-click contoso.com, and then click New Host (A or AAAA).
  3. In Name, type the name you will use for your AD FS farm, for this walkthrough, type adfs1.
  4. In IP address, type the IP address of the ADFS1 server. Click Add Host.
  5. Right-click contoso.com, and then click New Alias (CNAME).
  6. In the New Resource Record dialog box, type enterpriseregistration in the Alias name box.
  7. In the Fully Qualified Domain Name (FQDN) of the target host box, type adfs1.contoso.com and click OK.

Configure Windows Client

  1. Log on to your Windows 8 Client with your Microsoft account.
  2. On the Start screen, open the Charms bar and then select the Settings charm. Select Change PC Settings.
  3. On the PC Settings page, select Network and then click Workplace.
  4. In the Enter your UserID to get workplace access or turn on device management box, type <login name>@<domain.com> and then click Join.
  5. When prompted for credentials, type your domain credentials and Click OK.
  6. You should now see the message: This device has joined your workplace network.

If you want to learn how to set this up for your iOS devices check out this article: Walkthrough Guide- Workplace Join with an iOS Device

As you can see there a lot of moving parts to get this in working, and from my experience you want to make sure you get the certificates correct or you will be troubleshooting into the late evening.  Smile

If you want to see this in action, check out this great video by John Savill:

For the full list in the series:  Windows Server 2012 R2 Launch Blog Series Index #WhyWin2012R2

More Stories By Matt Hester

Matt Hester is a Senior Information Technology Professional Evangelist for Microsoft. Matt has been involved in the IT Pro community for over 20 years. Matt is a skilled and experienced evangelist presenting to audiences nationally and internationally. Prior to joining Microsoft Matt was a highly successful Microsoft Certified Trainer for over 8 years. After joining Microsoft, Matt has continued to be heavily involved in IT Pro community as an IT Pro Evangelist. In his role at Microsoft Matt has presented to audiences in excess of 5000 and as small as 10. Matt has written 4 articles for TechNet magazine. In addition Matt has published 3 books:

You can contact Matt off his blog at http://aka.ms/matthester

@ThingsExpo Stories
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Announcing Poland #DigitalTransformation Pavilion
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
CloudEXPO | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, added the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor analytic...