By Matt Hester
November 3, 2013 06:00 PM EST
In Kevin Remde's post this week he talked about many new features for Windows Server 2012 R2 Active Directory. You can find his great post here: What’s New for Active Directory in Server 2012 R2. One of the new features he mentioned was Workplace Join. Workplace Join helps you deal with the explosion of devices, Windows and non-Windows (such as iOS), connecting to your organization, which otherwise leaves you constantly struggling to maintain compliance and security. With users located all around the world on multiple platforms and devices, this is a real challenge.
If this sounds like you now, or soon will, then you will want to check out Workplace Join. Workplace Join allows users to register devices (including iOS) for single sign-on and access to corporate data. In today’s article I am going to take a look at how to set this feature up step by step.
This feature requires Windows Server 2012 R2, and you will need to configure Active Directory and Active Directory Federation Services (AD FS) to make it work. You will also need an Enterprise Certificate Authority to issue the certificates the service depends on. Overall the process is straightforward, but you will need to make sure you dot all your I’s and cross your T’s. For my environment, I created four separate virtual machines to test this out: an AD DC, an AD FS server, a web server (for testing) and a Windows 8.1 client. The full configuration and the test application for this setup can be found in this excellent article: Set up the lab environment for AD FS in Windows Server 2012 R2
Configure the Domain Controller
On the DC you will need to create a Group Managed Service Account (gMSA). The gMSA is required during the AD FS installation and configuration; it lets AD FS run under an account whose password is generated and rotated by Active Directory rather than typed in and forgotten by an administrator.
- Open a PowerShell command window and type:
Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
New-ADServiceAccount FsGmsa -DNSHostName adfs1.contoso.com -ServicePrincipalNames http/adfs1.contoso.com
Note: These commands are for a domain named contoso.com and an AD FS server named adfs1. Backdating the KDS root key's effective time by 10 hours lets you use it immediately in a lab; in production, create the key with the current time and wait the 10 hours so it replicates to every domain controller before you create the gMSA.
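The same two steps with the checks a practitioner would add, as an added example that is not part of the original post. It assumes the lab names used here (domain contoso.com, AD FS host adfs1, gMSA FsGmsa) and restricts password retrieval to the AD FS computer object, which the post's one-liner does not do:

```powershell
# Added example (not from the original post): create the KDS root key and the
# AD FS gMSA on the domain controller, then verify the result.
# Assumes domain contoso.com, AD FS host adfs1, gMSA name FsGmsa; run in an
# elevated PowerShell session as a domain admin on the DC.
Import-Module ActiveDirectory

# The KDS root key is created once per forest, so only add it if none exists.
# Backdating -EffectiveTime by 10 hours skips the replication wait and is a
# lab-only shortcut; in production use (Get-Date) and wait 10 hours before
# creating any gMSA so every DC can serve the key.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}

# Create the gMSA and say explicitly which computer may retrieve its password.
# Setting -PrincipalsAllowedToRetrieveManagedPassword to the AD FS computer
# object keeps the credential bound to that one server (least privilege);
# leaving it out leaves msDS-GroupMSAMembership empty at creation time.
$adfsHost = Get-ADComputer -Identity 'ADFS1'
New-ADServiceAccount -Name 'FsGmsa' `
    -DNSHostName 'adfs1.contoso.com' `
    -ServicePrincipalNames 'http/adfs1.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword $adfsHost

# Confirm the account, its SPN and who is allowed to fetch the password.
Get-ADServiceAccount -Identity 'FsGmsa' `
    -Properties ServicePrincipalNames, PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object Name, DNSHostName, ServicePrincipalNames,
                  PrincipalsAllowedToRetrieveManagedPassword

# On the AD FS server itself (with the AD PowerShell RSAT installed), these
# two lines prove the host can retrieve the managed password. A False from
# Test-ADServiceAccount means the AD FS wizard's gMSA step will fail as well.
# Install-ADServiceAccount -Identity 'FsGmsa'
# Test-ADServiceAccount -Identity 'FsGmsa'
```

Run the last two (commented) lines on adfs1, not on the DC; they are the quickest way to separate a gMSA permission problem from an AD FS problem later.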
Configure Your Certificate
When you configure your domain controller you will also want to add and configure Active Directory Certificate Services. Here is a great article for this process: Configure SSL/TLS on a Web site in the domain with an Enterprise CA. However, when you create the certificate you will want to allow for… Also check out John’s video below for a little more detail on how the certificates work. This is something you want to follow closely.
Configure Active Directory Federation Services
On the AD FS server you will need to enroll a certificate from the Enterprise CA you configured in the article above. When you request the certificate, make sure it has the following attributes. The second subject alternative name is the one the Device Registration Service answers on, so it cannot be left out:
- Subject Name (CN): adfs1.contoso.com
- Subject Alternative Name (DNS): adfs1.contoso.com
- Subject Alternative Name (DNS): enterpriseregistration.contoso.com
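Requesting that certificate from PowerShell and checking it before the AD FS wizard sees it, as an added example that is not part of the original post. It assumes you run it on adfs1 as a domain admin and that your CA publishes a template named WebServer that allows the subject to be supplied in the request (the template name is an assumption; substitute yours):

```powershell
# Added example (not from the original post): enroll the AD FS service
# certificate with the two SANs Workplace Join needs, then verify it.
# Assumptions: running on adfs1 as a domain admin; CA template 'WebServer'
# with "supply in the request" enabled for the subject name.
$fqdn   = 'adfs1.contoso.com'
$drsSan = 'enterpriseregistration.contoso.com'

$req = Get-Certificate -Template 'WebServer' `
    -SubjectName "CN=$fqdn" `
    -DnsName $fqdn, $drsSan `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 'Issued' means the CA auto-approved the request; 'Pending' means a CA
# administrator has to approve it before you can continue.
if ($req.Status -ne 'Issued') { throw "Enrollment status is $($req.Status)" }
$cert = $req.Certificate

# The SAN extension (OID 2.5.29.17) must list both names; without the
# enterpriseregistration entry the client fails at the 'Join' step.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw "Certificate $($cert.Thumbprint) has no SAN extension" }
$sanText = $sanExt.Format($true)
foreach ($name in @($fqdn, $drsSan)) {
    if ($sanText -notmatch [regex]::Escape($name)) {
        throw "Certificate $($cert.Thumbprint) is missing SAN entry $name"
    }
}

# The wizard needs the private key, and the EKU (OID 2.5.29.37) must
# include Server Authentication.
if (-not $cert.HasPrivateKey) { throw 'No private key for the AD FS certificate' }
$ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if (-not $ekuExt -or $ekuExt.Format($true) -notmatch 'Server Authentication') {
    throw 'Certificate lacks the Server Authentication EKU'
}

"Thumbprint $($cert.Thumbprint) OK for $($cert.Subject)"
$sanText
```

If the SAN check throws, do not import the certificate into the wizard; fix the template (or the request) and enroll again, because the wizard accepts the certificate and the failure only shows up later on the client.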
After you have configured your certificate, you need to add the AD FS role.
- Log on to the server using a domain administrator account for contoso.com.
- Open Server Manager. To do this, click Server Manager on the Start screen, or Server Manager in the taskbar on the desktop. In the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features. Alternatively, you can click Add Roles and Features on the Manage menu.
- On the Before you begin page, click Next.
- On the Select installation type page, click Role-based or feature-based installation, and click Next.
- On the Select destination server page, click Select a server from the server pool, verify that the target computer is highlighted, and then click Next.
- On the Select server roles page, click Active Directory Federation Services, and then click Next.
- On the Select features page, click Next.
- On the Active Directory Federation Service (AD FS) page, click Next.
- After you verify the information on the Confirm installation selections page, select the Restart the destination server automatically if required check box, and then click Install.
- On the Installation progress page, verify that everything installed correctly, and then click Close.
After the role is installed you will need to configure the service. On the Server Manager Dashboard page, click the Notifications flag, and then click Configure the federation service on this server. The following steps are for a domain named contoso.com and an AD FS server named adfs1.
- The Active Directory Federation Service Configuration Wizard is launched. On the Welcome page, select Create the first federation server in a federation server farm and click Next.
- On the Connect to AD DS page, specify an account with domain administrator permissions for the contoso.com AD domain that this computer is joined to and then click Next.
- On the Specify Service Properties page, do the following and then click Next:
- Import the SSL certificate that you have obtained earlier. This is the required service authentication certificate. Browse to the location of your SSL certificate.
- Provide a name for your federation service, type adfs1.contoso.com. This is the same value you provided when enrolling the SSL certificate in AD CS.
- Provide a display name for your federation service, type, Contoso Corporation.
- On the Specify Service Account page, select Use an existing domain user account or group Managed Service Account and then specify the gMSA (fsgmsa) you created when setting up the domain controller.
- On the Specify Configuration Database page, select Create a database on this server using Windows Internal Database and then click Next.
- On the Review Options page, verify your configuration selections and click Next.
- On the Pre-requisite Checks page, verify that all pre-requisite checks were successfully completed, and then click Configure.
- On the Results page, review the results and whether the configuration has completed successfully, and then click Next steps required for completing your federation service deployment.
You will also need to run some PowerShell commands to finish the AD FS configuration. In a PowerShell command window on the AD FS server run the following commands:
When prompted for a service account, type contoso\fsgmsa$ (or whatever account you created).
NEXT STEP IMPORTANT: After you have run the PowerShell commands on your AD FS server, open the AD FS Management console. Navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the checkbox next to Enable Device Authentication and then click OK.
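The Device Registration Service setup done entirely from PowerShell, including the device authentication setting from the console step above and a verification pass, as an added example that is not the post's own listing. These are the cmdlets in the ADFS module that ships with Windows Server 2012 R2; the farm name, gMSA and endpoint filter are assumptions matching this lab:

```powershell
# Added example (not from the original post): initialize and enable the
# Device Registration Service (DRS) on the AD FS server and verify it.
# Assumptions: AD FS farm adfs1.contoso.com configured as above, gMSA
# contoso\fsgmsa$, elevated session run by a member of Enterprise Admins
# (Initialize-ADDeviceRegistration writes to the forest configuration
# partition, so Domain Admins alone is not enough).
Import-Module ADFS

# Creates the DRS objects in Active Directory and binds DRS to the gMSA.
# Run without -ServiceAccountName this is the cmdlet that prompts for the
# service account.
Initialize-ADDeviceRegistration -ServiceAccountName 'contoso\fsgmsa$'

# Switch DRS on for this farm.
Enable-AdfsDeviceRegistration

# Equivalent of ticking 'Enable Device Authentication' under
# Authentication Policies > Edit Global Primary Authentication.
Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true

# Verification: DRS configuration, the policy flag, and the enrollment
# endpoint. If the endpoint is not enabled, clients fail at the 'Join' step
# even though every other piece is in place.
Get-AdfsDeviceRegistration | Format-List *

$policy = Get-AdfsGlobalAuthenticationPolicy
if (-not $policy.DeviceAuthenticationEnabled) {
    throw 'Device authentication is still disabled in the global policy'
}

$drsEndpoint = Get-AdfsEndpoint | Where-Object { $_.AddressPath -like '*EnrollmentServer*' }
if (-not $drsEndpoint -or -not $drsEndpoint.Enabled) {
    throw 'The device enrollment endpoint is missing or disabled'
}
$drsEndpoint | Select-Object AddressPath, Enabled, Proxy
```

The Proxy column matters once you publish AD FS through a Web Application Proxy: devices outside the network can only register if the enrollment endpoint is proxy-enabled as well.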
Lastly, you will need to make sure you have the following DNS records for the Device Registration Service:
- A host (A) record for the federation service name (adfs1.contoso.com) pointing to the IP address of the AD FS server
- An alias (CNAME) record for enterpriseregistration.contoso.com pointing to adfs1.contoso.com
You can use the following procedure to add the host (A) and alias (CNAME) resource records to corporate DNS for the federation server and the device registration service.
- On DC1, from Server Manager, from the Tools menu, click DNS to open the DNS snap-in.
- In the console tree, expand DC1, expand Forward Lookup Zones, right-click contoso.com, and then click New Host (A or AAAA).
- In Name, type the name you will use for your AD FS farm, for this walkthrough, type adfs1.
- In IP address, type the IP address of the ADFS1 server. Click Add Host.
- Right-click contoso.com, and then click New Alias (CNAME).
- In the New Resource Record dialog box, type enterpriseregistration in the Alias name box. In the Fully Qualified Domain Name (FQDN) of the target host box, type adfs1.contoso.com and click OK.
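The same two records created from PowerShell on the DC and then resolved the way a client will resolve them, as an added example that is not part of the original post. It assumes the lab names from this post and a placeholder address of 10.0.0.5 for ADFS1 (an assumption; use your server's address):

```powershell
# Added example (not from the original post): create the DRS DNS records and
# test that they resolve. Assumes zone contoso.com, AD FS host adfs1, and a
# placeholder IP 10.0.0.5 for ADFS1; run on the DC as a domain admin.
Import-Module DnsServer

$zone   = 'contoso.com'
$adfsIp = '10.0.0.5'   # placeholder, replace with the real ADFS1 address

# Host (A) record for the federation service name.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'adfs1' -IPv4Address $adfsIp

# Alias (CNAME) enterpriseregistration.<UPN suffix> -> AD FS farm.
# The client builds this name from the suffix of the UPN typed at 'Join',
# so a record is needed for every UPN suffix users may register with.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'enterpriseregistration' `
    -HostNameAlias "adfs1.$zone"

# What the DNS server holds...
Get-DnsServerResourceRecord -ZoneName $zone -Name 'adfs1'
Get-DnsServerResourceRecord -ZoneName $zone -Name 'enterpriseregistration'

# ...and what a client sees: the CNAME chain must end at the AD FS address.
$answer = Resolve-DnsName -Name "enterpriseregistration.$zone" -Type A
$ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress
if ($ips -notcontains $adfsIp) {
    throw "enterpriseregistration.$zone resolves to [$($ips -join ', ')], not $adfsIp"
}
"enterpriseregistration.$zone -> $adfsIp OK"
```

Run the Resolve-DnsName half from the Windows 8.1 client as well; a record that exists on the DC but is cached differently on the client is a common reason the join fails with a generic error.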
Configure Windows Client
- Log on to your Windows 8.1 client with your Microsoft account.
- On the Start screen, open the Charms bar and then select the Settings charm. Select Change PC Settings.
- On the PC Settings page, select Network and then click Workplace.
- In the Enter your UserID to get workplace access or turn on device management box, type <login name>@<domain.com> and then click Join.
- When prompted for credentials, type your domain credentials and Click OK.
- You should now see the message: This device has joined your workplace network.
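The client's success message is only half the story; the registration also has to exist in Active Directory. The following check on the domain controller is an added example, not part of the original post. DRS stores each joined device as an msDS-Device object under CN=RegisteredDevices in the domain partition; the attribute names listed are the 2012 R2 schema attributes for that class and are assumed here, so compare them against Get-ADObject -Properties * if your schema differs:

```powershell
# Added example (not from the original post): confirm a Workplace Join on the
# DC by listing the msDS-Device objects DRS created. Assumes domain
# contoso.com; the msDS-* attribute names are assumed from the 2012 R2 schema.
Import-Module ActiveDirectory

$container = 'CN=RegisteredDevices,DC=contoso,DC=com'
$devices = Get-ADObject -LDAPFilter '(objectClass=msDS-Device)' -SearchBase $container `
    -Properties 'displayName', 'msDS-DeviceOSType', 'msDS-DeviceOSVersion',
                'msDS-IsEnabled', 'whenCreated'

if (-not $devices) {
    throw "No registered devices under $container; the join never reached DRS"
}

$devices |
    Select-Object 'displayName', 'msDS-DeviceOSType', 'msDS-DeviceOSVersion',
                  'msDS-IsEnabled', 'whenCreated' |
    Format-Table -AutoSize

# Every object here is effectively a credential: its device certificate lets
# the holder satisfy device authentication at AD FS. Disable or remove
# devices that are lost or retired instead of leaving them registered.
# Set-ADObject -Identity $devices[0] -Replace @{ 'msDS-IsEnabled' = $false }
# Remove-ADObject -Identity $devices[0] -Confirm:$false
```

Reviewing this container periodically (and on every reported lost device) is the operational counterpart to enabling the feature.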
If you want to learn how to set this up for your iOS devices check out this article: Walkthrough Guide- Workplace Join with an iOS Device
As you can see there are a lot of moving parts to get this working, and from my experience you want to make sure you get the certificates right or you will be troubleshooting into the late evening.
If you want to see this in action, check out this great video by John Savill:
For the full list in the series: Windows Server 2012 R2 Launch Blog Series Index #WhyWin2012R2