Step 5: Configure a federation server with Device Registration Service
Published: June 24, 2013
Updated: June 24, 2013
Applies To: Windows Server 2012 R2
You can enable Device Registration Service (DRS) on your federation server after you complete Step 4: Configure a Federation Server. The Device Registration Service provides an onboarding mechanism for single sign-on (SSO) and conditional access to consumers that need access to on-premises company resources. For more information about DRS, see Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications.
|You must be logged in with domain administrator permissions in order to complete this procedure.|
Open a PowerShell command window and type:
When prompted for a service account, enter the name of the group Member Service Account (gMSA) you selected as the service account for AD FS.
If it is a gMSA account, enter the account in the domain\gMSA$ format. For a domain account, use the format domain\accountname.
Next run the following cmdlet to enable Device Registration Service on each node in the AD FS farm:
You should see a message about device registration being successful.