So, Technical Preview 5 for Windows Server 2016 is out now, and we’re heading straight to RTM next. What has changed in AD FS since the last preview?
On the surface, nothing much. The major redesign of the role was done a few versions ago, and now we just get the polishing. To recap, AD FS vNext will bring 170 PowerShell cmdlets, 60 endpoints and support for 80 claims (there’s one new since the last preview – the Token Binding Id claim, http://schemas.microsoft.com/2015/12/devicecontext/claims/tokenbindingid). I’ve discussed the changes previously in articles on TP2, TP3 and TP4.
When we dig into the MMC console, however, we will notice the experience is much better now. Everything is in place, help links work and new references to Azure AD related functionality have been added in the relevant places. Here’s an example – trying to enable Device registration will alert you about the available configurations depending on whether you are running a cloud-enabled or on-prem only environment:
The TechNet documentation has also been updated with detailed info, for example this article covers all aspects of creating and configuring Access Control Policies.
Now the interesting part. We know already that AD FS vNext will bring support for Azure MFA (still in Private Preview) for both Primary and Additional authentication. The question we have been asking about support for Windows Passport/Windows Hello has finally been answered:
It’s here, it’s enabled by default, and it’s great. I might finally switch to Windows 10 just to play with this 🙂
Just to be clear, enabling Azure MFA Authentication still requires manual configuration, but doing so will get rid of the hints in the above dialog:
Time to set up a proper lab and do an end-to-end guide, I guess 🙂 In the meantime, here’s the updated “What’s new in Active Directory Federation Services for Windows Server 2016 Technical Preview” article on TechNet: https://technet.microsoft.com/en-us/library/mt617220(v=ws.12).aspx