Are there any plans for Exchange services, ActiveSync in particular, to support Workplace Join (device registration services) and claims? I've been reading up on using Device Registration Services as a second factor for authentication, and it looks promising. Right now, we don't have any use for ADFS in our organization since we are not using claims aware applications, but we may in the future. Currently we are looking to provide Exchange services to personal devices, but we have security requirements for two-factor authentication. SSO capabilities would also be a nice addition. It looks like Device Registration Services will provide that, but as of now, ActiveSync does not support DRS or even claims authorization. From what I understand, DRS and ADFS provides applications the ability to authorize users based on registered devices properties in Active Directory and user claims tokens. This would be nice if ActiveSync can support DRS. Even without claims authorization support, ActiveSync does support Certificate Authentication, which is good, but not as convenient and easy to manage as claims.
- Edited by Brandon.M Friday, February 21, 2014 10:01 PM
- Moved by Simon_WuMicrosoft contingent staff, Moderator Monday, February 24, 2014 8:49 AM