ADFS 3.0 blocking external access to non domain joined machines

  • Question

  • Hi guys,

    I am trying to deny authentication to non-domain-joined machines when connecting to ADFS relying parties.

    Currently, I manage to achieve this by using a GPO to write a custom value into the user agent and then getting an authorization rule to capture the custom string. However, the client isn't comfortable with the additional GPO to achieve this feature.

    I would appreciate it if someone could share any other methods to achieve this without using GPO, Intune or device registration. Thanks.

    Thursday, February 4, 2016 9:07 AM

All replies

  • Here is a blog from MVP Peter Van der Woude describing how to achieve this with Intune and ADFS:

    https://www.petervanderwoude.nl/post/conditional-access-for-pcs-part-i-requirements/


    __________________________________________

    Please mark as Answer if this answers your question

    Regards,

    Shane Jackson

    Blog: https://shanejacksonitpro.wordpress.com/

    Twitter: https://twitter.com/shane00jackson

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, February 4, 2016 9:50 AM