Solutions and Scenario Guides

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

With Microsoft's access and information protection solutions, you can deploy and configure access to corporate resources across your on-premises environment and cloud applications. And you can do it while protecting corporate information.

Access and Information Protection

Guide How can this guide help you
Secure access to company resources from any location on any device This guide shows how to allow employees to use personal and company devices to securely access corporate applications and data.
Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications Employees can access applications and data everywhere, on any device. Employees can use Single Sign-On in browser applications or enterprise applications. Administrators can control who has access to company resources that are based on application, user, device, and location.
Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications In this scenario, you enable MFA based on the user's group membership data for a specific application. In other words, you will set up an authentication policy on your federation server to require MFA when users that belong to a certain group request access to a specific application that is hosted on a web server.
Manage Risk with Conditional Access Control Access control in AD FS is implemented with issuance authorization claim rules that are used to issue a permit or deny claims that will determine whether a user or a group of users will be allowed to access AD FS-secured resources or not. Authorization rules can only be set on relying party trusts.
Configuring Certificate Enrollment Web Service for certificate key-based renewal on a custom port This article provides step-by-step instructions to implement the Certificate Enrollment Web Service (or Certificate Enrollment Policy (CEP) / Certificate Enrollment Service (CES)) on a custom port other than 443 for certificate key-based renewal to take advantage of the automatic renewal feature of CEP and CES.