ADFS in Windows Server 2016 has a lot of cool new features. In particular I would like to highlight these:
1. Access Control Policies
Access control policies give you finer control over the ADFS core pipeline (authentication, authorization and claims issuance), and you can manage them in the GUI or the old way, with PowerShell. Similar conditional access policies are already available in Azure AD.
There are seven default policy templates that cannot be modified, but you can create your own policies if needed. A relying party without an assigned access control policy keeps using its old issuance authorization rules, so check each trust after the upgrade.
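The following PowerShell is an added example (not code from the original post) showing how the policies are handled from the ADFS 2016 module: list the templates, assign a built-in one to a relying party, clone a read-only template into an editable copy, and find trusts still running on legacy rules. The relying party name "ClaimsApp", the custom policy name, the group "CONTOSO\Finance" and the parameter key `GroupParameter` are assumptions for illustration.

```powershell
# Added example, not from the original post. Assumptions: a relying party trust
# named "ClaimsApp" exists and "GroupParameter" is the parameter key of the
# "Permit specific group" template; verify both on your own farm.
Import-Module ADFS

# 1. Policies present on the farm (the built-in templates plus any custom ones).
Get-AdfsAccessControlPolicy |
    Select-Object Name, Identifier, Description |
    Format-Table -AutoSize

# 2. Assign a built-in template to a relying party. Templates that take
#    parameters (here the permitted group) get them via -AccessControlPolicyParameters.
Set-AdfsRelyingPartyTrust -TargetName "ClaimsApp" `
    -AccessControlPolicyName "Permit specific group" `
    -AccessControlPolicyParameters @{ GroupParameter = @("CONTOSO\Finance") }

# 3. Built-in templates cannot be edited. Copy one into a new policy that can be,
#    then assign the copy so later changes happen in the GUI or PowerShell.
$template = Get-AdfsAccessControlPolicy -Name "Permit everyone and require MFA from extranet access"
New-AdfsAccessControlPolicy -Name "Extranet MFA (custom)" `
    -Identifier "ExtranetMfaCustom" `
    -Description "Copy of the built-in extranet MFA template; edit as needed" `
    -PolicyMetadata $template.PolicyMetadata
Set-AdfsRelyingPartyTrust -TargetName "ClaimsApp" -AccessControlPolicyName "Extranet MFA (custom)"

# 4. Check: trusts with no access control policy still evaluate their old
#    IssuanceAuthorizationRules. List them so nothing is left on an unintended
#    "permit all" rule set after the upgrade.
Get-AdfsRelyingPartyTrust |
    Where-Object { [string]::IsNullOrEmpty($_.AccessControlPolicyName) } |
    Select-Object Name, IssuanceAuthorizationRules
```

Step 4 is the one worth running first on an upgraded farm: a trust that was created on 2012 R2 with `c:[] => issue(Type = ".../authorization/claims/permit", Value = "true");` as its only authorization rule stays wide open until a policy is assigned.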
2. Upgrading to an ADFS 2016 farm is relatively easy
ADFS now has a Farm Behavior Level (FBL), which reminds me of the ADDS forest and domain functional levels (FFL and DFL). It is a farm-wide setting that determines which features the farm can use:
- Mixed, which can contain Windows Server 2012 R2 and Windows Server 2016 ADFS servers (new 2016 features stay unavailable until the level is raised)
- Windows Server 2016 level, which contains only Windows Server 2016 ADFS servers
According to Microsoft guidance, the ADDS schema needs to be upgraded to the Windows Server 2016 level (schema version 85 for the vNext build) to support vNext ADFS. Raising the FBL is a one-way operation, so check the schema and the node list before running it.
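As an added example (not from the original post), here are the pre-flight checks I would run on a 2016 node before raising the farm behavior level. The expected schema value is the 85 quoted above for the vNext build; RTM builds report a different objectVersion, so take the number from Microsoft's guidance for the build you actually deploy.

```powershell
# Added example, not from the original post. Run on a Windows Server 2016 ADFS
# node with the ActiveDirectory and ADFS modules available.
Import-Module ActiveDirectory
Import-Module ADFS

# Value quoted in the post for the vNext build; adjust to the guidance for your build.
$ExpectedSchemaVersion = 85

# 1. Schema level of the forest the farm belongs to.
$schemaNC      = (Get-ADRootDSE).schemaNamingContext
$schemaVersion = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
if ($schemaVersion -lt $ExpectedSchemaVersion) {
    Write-Warning "Schema objectVersion is $schemaVersion; extend the schema (adprep /forestprep) before raising the FBL."
} else {
    Write-Output "Schema objectVersion $schemaVersion is at or above $ExpectedSchemaVersion."
}

# 2. Current farm behavior level and the nodes that make up the farm.
$farm = Get-AdfsFarmInformation
Write-Output "Current farm behavior level: $($farm.CurrentFarmBehavior)"
$farm.FarmNodes | Format-Table -AutoSize

# 3. Dry run. Test-AdfsFarmBehaviorLevelRaise reports blockers (for example a
#    2012 R2 node still in the farm) without changing anything. The raise itself
#    is one-way: 2012 R2 nodes cannot join the farm afterwards.
Test-AdfsFarmBehaviorLevelRaise
# Invoke-AdfsFarmBehaviorLevelRaise   # run interactively once the test is clean
```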
3. Authenticating users from other LDAP directories
Many organizations have identities in several directories, and they will benefit greatly from this new feature: ADFS can now authenticate users from an LDAP v3 directory through a local claims provider trust, without those users being in ADDS.
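The following is an added example (not from the original post) of registering an external LDAP directory as a local claims provider trust. The host name, port, container DN, account suffix and trust name are assumptions; the security points are the LDAPS connection and the narrow user container.

```powershell
# Added example, not from the original post. Assumptions: an LDAP v3 directory
# at ldap.vendor.example reachable over LDAPS (636) and a read-only bind account.
Import-Module ADFS

# Bind credential ADFS uses to search the directory; prompt, do not hard-code it.
$bindCred = Get-Credential -Message "Bind account for the vendor LDAP directory"

# Use LDAPS (SslMode Ssl) so the bind credential and user passwords are not sent
# in clear text. SslMode None is only acceptable on an isolated lab network.
$vendorLdap = New-AdfsLdapServerConnection -HostName "ldap.vendor.example" -Port 636 `
    -SslMode Ssl -AuthenticationMethod Basic -Credential $bindCred

# Map directory attributes to the claim types relying parties expect.
$claimMappings = @(
    (New-AdfsLdapAttributeToClaimMapping -LdapAttribute givenName -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
    (New-AdfsLdapAttributeToClaimMapping -LdapAttribute sn        -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
    (New-AdfsLdapAttributeToClaimMapping -LdapAttribute mail      -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")
)

# Scope the trust to one container and object class. ADFS only searches there,
# so service or admin objects elsewhere in the tree cannot be used to sign in.
Add-AdfsLocalClaimsProviderTrust -Name "Vendor directory" -Identifier "urn:vendor-directory" `
    -Type Ldap -LdapServerConnection $vendorLdap `
    -UserObjectClass inetOrgPerson -UserContainer "ou=people,dc=vendor,dc=example" `
    -LdapAuthenticationMethod Basic `
    -AnchorClaimLdapAttribute mail `
    -AnchorClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -LdapAttributeToClaimMapping $claimMappings `
    -AcceptanceTransformRules "c:[] => issue(claim = c);" `
    -OrganizationalAccountSuffix "vendor.example" `
    -Enabled $true

# Check what was registered.
Get-AdfsLocalClaimsProviderTrust -Name "Vendor directory" | Select-Object Name, Identifier, Enabled
```

The acceptance rule above passes every mapped claim through; on a production trust, restrict it to the claim types the relying parties actually consume.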
4. Auditing enhancements
vNext ADFS has three auditing levels, and basic auditing is enabled by default. The events go to the Security log, so the OS audit policy must let them through:
- AuditLevel None – Auditing is disabled and no events will be logged
- AuditLevel Basic – No more than 5 events will be logged for a single request
- AuditLevel Verbose – All events will be logged. This will log a significant amount of information per request
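As an added example (not from the original post), this is how I would switch the farm to verbose auditing and confirm events actually arrive. The "AD FS Auditing" provider name and the event IDs 1200 (token issued) and 1203 (credential validation failed) are the values Microsoft documents for ADFS 2016; confirm them in your own Security log before building alerts on them.

```powershell
# Added example, not from the original post. Run on each ADFS node; the audit
# level is a farm property, the auditpol setting is per node.
Import-Module ADFS

# 1. Farm-wide audit level: None, Basic or Verbose. Verbose is noisy, so size
#    Security log retention before enabling it.
Set-AdfsProperties -AuditLevel Verbose
(Get-AdfsProperties).AuditLevel

# 2. ADFS writes audits to the Security log under the "Application Generated"
#    subcategory. It must be enabled on every node, and the ADFS service account
#    needs the "Generate security audits" user right (GPO or secpol.msc).
auditpol.exe /set /subcategory:"Application Generated" /success:enable /failure:enable

# 3. Event volume by ID for the last hour from the ADFS auditing source.
$filter = @{ LogName = "Security"; ProviderName = "AD FS Auditing"; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object Name, Count |
    Sort-Object Name

# 4. Failed credential validations in the last hour (ID 1203 as documented for
#    ADFS 2016), trimmed to the first lines of the message for a quick look.
Get-WinEvent -FilterHashtable ($filter + @{ Id = 1203 }) -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = "Detail"; e = { ($_.Message -split "`n" | Select-Object -First 3) -join " | " } }
```

If step 3 returns nothing after a test sign-in, the usual cause is step 2: the audit level is set but the subcategory or the user right is missing on that node.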
5. Customizing user sign-in pages
Sign-in pages can now be customized per relying party application, not only farm-wide.
6. Windows 10 – device authentication with ADFS
vNext provides better support for device-based authentication, which gives you the flexibility to control conditional access to on-premises applications (the built-in "require MFA from unauthenticated devices" policy template relies on it).
7. Support for OpenID Connect sign-on and OAuth confidential clients with AD FS 2016
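An added example (not from the original post) of registering an OAuth confidential client and the Web API it calls in an ADFS 2016 application group. The group name, application names, identifiers, redirect URI and the `ClientSecret` output property are assumptions for illustration.

```powershell
# Added example, not from the original post. Assumptions: names and URIs below
# are placeholders; the generated secret is exposed on the ClientSecret property
# of the object Add-AdfsServerApplication returns.
Import-Module ADFS

$groupId = "ExpenseApp"
Add-AdfsApplicationGroup -Name $groupId -ApplicationGroupIdentifier $groupId

# Confidential client (server application). ADFS generates the client secret;
# capture it now, put it in the app's secret store, and keep it out of scripts.
$client = Add-AdfsServerApplication -ApplicationGroupIdentifier $groupId `
    -Name "ExpenseApp web client" `
    -Identifier "expenseapp-web" `
    -RedirectUri "https://expense.contoso.example/signin-oidc" `
    -GenerateClientSecret
$clientSecret = $client.ClientSecret   # assumption: property name on the returned object

# Resource the client calls; its identifier becomes the access token audience.
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupId `
    -Name "ExpenseApp API" `
    -Identifier "https://expense.contoso.example/api" `
    -IssuanceTransformRules 'c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(claim = c);' `
    -AccessControlPolicyName "Permit everyone"

# Scopes the client may request. Grant only what the app uses; "allatclaims" and
# "user_impersonation" widen what ends up in the token.
Grant-AdfsApplicationPermission -ClientRoleIdentifier "expenseapp-web" `
    -ServerRoleIdentifier "https://expense.contoso.example/api" `
    -ScopeNames "openid"

# Check: redirect URIs are matched exactly at the authorization endpoint, so any
# http:// entry or overly broad URI registered here would be a finding.
Get-AdfsServerApplication -Name "ExpenseApp web client" | Select-Object Name, Identifier, RedirectUri
```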
After the Christmas holidays I need to spend some time testing these cool new features. Now it's time to enjoy some time with family :)