Course Overview
This workshop is the best way to learn how to implement the most business-oriented server role! Federated Identity and claims-based applications are becoming more and more popular – they simplify the resource access both for your employees and business partners.
This workshop is based on practical knowledge from tons of successful projects, many years of real-world experience, and no mercy for misconfigurations or insecure solutions! The exercises focus on implementation scenarios, including practice in the newest technologies and solutions delivered with Windows Server.
Who should attend
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
Course Objectives
The course focuses on implementation scenarios, including practice in the newest technologies and solutions delivered with Windows Server.
When the world becomes more focused on solving ‘Bring Your Own Device’ issues, it is time to become more up to date with the newest technology capabilities: Active Directory Federation Services and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Federated Identity is the most discussed topic in terms of organization cooperation right now, and with this course you will get all the knowledge you will need when you are planning to host services that will connect users across different organizations.
As an add-on course, we will extend previous labs with multi organizations trust, discover problems arising from connecting remote parties and find an automated way to make sure that everything is working smoothly. Using ADFS on Windows, we will connect parties using various active directory topologies and versions, to simulate all the problems that you will be facing in real world deployment.
Course Content
Module 1:
- Introduction
- Legacy and modern authentication protocols
- What are Claims
- Dynamic Access Control
- Services Accounts threats, attack and working with GMSA
Module 2:
- PKI overview and ADFS certificate consideration
- Working with certificates and ADFS
- Designing Modern Authentication
Module 3:
- ADFS Overview
- Installation, availability and security consideration
- Working with ADFS Cluster
Module 4:
- Working with ADFS – claims aware applications
- SAML passive client flow
- ADFS Basics – Rules and Rule flow
- Configuring Issuing rules
- Claim rules language
Module 5:
- Thick applications, and working with multiple Relaying Parties
- Troubleshooting thick applications
- Additional attribute Stores
- Using groups in authorization rules
Module 6:
- Web Application Proxy
- Working with claims-aware application in WAP
- Configure pass-through application in WAP
- WAP advanced scenarios
Module 7:
- Modern ADFS customization
- Advanced troubleshooting ADFS
- Monitoring ADFS security and performance
Module 8:
- Working with MFA
- Enabling Device Registration Service
- Windows Hello for business
- Integration with Azure cloud
Module 9:
- Working with external parties
- ADFS in Forest/Domain trust environment
- Federating with different ADFS versions
Module 10:
- Home Realm Discovery
- Hacking ADFS Claims
- Additional user authorization
- Claim pipeline for multiple IdP MFA in multi IdP environment
Module 11:
- PowerShell Scripting for ADFS
- Backup and Restore ADFS Config
- Exporting and Importing RP and IdP
Module 12:
- Working with clients
- Creating automated Claim Provided Trust configuration for clients
- Working with third party IdP
Module 13:
- Load Balancing ADFS
- Using IIS ARR to load-balance ADFS
- Advance Clustering and load balancing
Englisch