• => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences", Value = "http://schemas.microsoft.com/claims/multipleauthn"); Click Finish
  • Note: Perform the following steps on DC1




    Date: 22.07.2021
    Note: Perform the following steps on DC1

    1. Switch to the DC1 virtual machine

    1. In the AD FS console, expand Trust Relationships in the left navigation pane, and click Relying Party Trusts

    2. Right-click Microsoft Office 365 Identity Platform, and click Edit Claim Rules…

    3. Click Add Rule…

    4. Select Send Claims Using a Custom Rule from the Claim rule template menu, and click Next

    5. Type Suppress AAD MFA in the Claim rule name field

    6. Copy the following rule to the Custom rule field:

    => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences", Value = "http://schemas.microsoft.com/claims/multipleauthn");

    7. Click Finish and click OK

    Note: Adding this claim rule lets AD FS enforce MFA while Azure Active Directory-integrated MFA stays enabled for users, without subjecting them to multiple MFA challenges. The rule has no condition, so AD FS adds the multipleauthn claim to every token it issues for this relying party, which signals to Azure Active Directory that MFA has already been performed. You may be asking yourself: why wouldn’t we just disable Azure Active Directory-integrated MFA when using the Azure MFA Server with AD FS? The answer is the app password feature, which is available in the Azure Active Directory-integrated version of the service. By layering this capability on top of AD FS-integrated MFA, you can apply expressive policy to govern MFA for passive browser-based clients while still allowing rich clients like Outlook and Lync to connect to Office 365.
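
The console steps above can also be scripted. The following PowerShell is an added example, not part of the original lab guide: it appends the same rule to the relying party trust named in step 2, keeps a backup of the existing rules, and warns if no AD FS additional authentication (MFA) rule is configured. The backup file name is an assumption chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server (DC1 in this lab).
Import-Module ADFS

$rpName     = 'Microsoft Office 365 Identity Platform'
$ruleName   = 'Suppress AAD MFA'
$claimType  = 'http://schemas.microsoft.com/claims/authnmethodsreferences'
$claimValue = 'http://schemas.microsoft.com/claims/multipleauthn'

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# Current issuance transform rules are stored as one string in claim rule language.
$existing = [string]$rp.IssuanceTransformRules

# Idempotency check: do nothing if a rule already issues the multipleauthn value.
if ($existing -match [regex]::Escape($claimValue)) {
    Write-Output "A rule issuing '$claimValue' already exists; nothing changed."
    return
}

# The rule is unconditional, so it is only safe when AD FS itself enforces MFA.
# Warn when neither a global nor a per-trust additional authentication rule is set.
$globalMfa = (Get-AdfsAdditionalAuthenticationRule).AdditionalAuthenticationRules
if (-not $globalMfa -and -not $rp.AdditionalAuthenticationRules) {
    Write-Warning 'No AD FS additional authentication rule found; the MFA claim would be issued without an AD FS MFA challenge.'
}

# Keep a copy of the rules as they were (file name is a placeholder for this example).
$backup = Join-Path $env:TEMP ('o365-issuance-rules-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
Set-Content -Path $backup -Value $existing
Write-Output "Existing rules saved to $backup"

# Same rule text as step 6, with the rule name from step 5.
$newRule = @"
@RuleName = "$ruleName"
=> issue(Type = "$claimType", Value = "$claimValue");
"@

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`r`n" + $newRule)

# Show the resulting rule set for review.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```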


