ADFS in Windows Server 2016 has a lot of cool new features, check these out:

Active Directory Federation Services in Windows Server 2016

WAP Technical Preview

Expecially I would like to highlight these new features:

  1. Access Control Policies

Now you have more control for ADFS core pipeline policy processing (autH, AutZ and claims) and you can control policies with GUI or old way which is powershell. Same kind of conditional access policies are already possible to use in Azure AD.

There are seven default policies which cannot be modified but you can create own policies if needed

pic1

2. Upgrading to 2016 ADFS farm is relatively easy

ADFS has now FBL (Farm Behavior Level feature) which reminds me from ADDS FFL and DFL. This is farm wide feature and determines which features farm can use.

Levels are:

  • Mixed which can contain w2012 and w2016 ADFS servers
  • W2016 level which contains only w2016 ADFS servers

Regarding Microsoft guidance it seems that ADDS schema needs to be upgrade to W2016 level (shema version 85) to support vNext ADFS.

3. Authenticating users from other LDAP directories

Many organization have identities in different directories and they will have huge advantage of this new feature.

4. Auditing

vNext ADFS has different auditing levels and basic auditing is enabled by default.

  • AuditLevel None – Auditing is disabled and no events will be logged
  • AuditLevel Basic – No more than 5 events will be logged for a single request
  • AuditLevel Verbose – All events will be logged. This will log a significant amount of information per request

5. Customizing user sign-in pages

Now you can customize sign-in pages per application

6. Windows 10 – device authentication with ADFS

vNext provides more support for device based authentication which gives flexibility to control conditional access to on-premises applications

7. Support for using the OpenId Connect sign-on and Enabling Oauth Confidential Clients with AD FS 2016

After christmas holidays I need to spend some time to test these cool new features. Now it’s time to enjoy some time with family:)