What is the difference between FBL 3 and FBL 4 in ADFS

Saravanan Athiyappan 0 Reputation points
2024-07-15T03:29:53.94+00:00

Hi Team,

I am currently running ADFS 4.0 on Windows 2016 with Farm Behaviour Level 3 and am planning to move to Windows 2022, FBL 4.

Can you let me know the difference between FBL 3 and FBL 4? I do not see any detailed document on this.

Thanks,
Saravanan A.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Active Directory Federation Services
Windows for business | Windows Server | User experience | Other

2 answers

  1. Yanhong Liu 14,205 Reputation points Microsoft External Staff
    2024-07-16T06:31:05.0333333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    According to my search, I did not find the specific difference between FBL 3 and FBL 4. But I found the following content for you; maybe it is useful.

    You can join an AD FS server of a later version to a farm with a lower FBL. The farm operates at the same FBL as the existing node(s). When you have multiple Windows Server versions operating in the same farm at the FBL value of the lowest version, your farm is "mixed." However, you can't take advantage of the features of the later versions until you raise the FBL. If your organization is looking to test the new features prior to raising the FBL, you need to deploy a separate farm. (Upgrade an AD FS farm by using Windows Internal Database in Windows Server | Microsoft Learn)

    If you're upgrading to AD FS in Windows Server 2016 or later, the farm upgrade requires the AD schema to be at least level 85. If you're upgrading to AD FS in Windows Server 2019 or later, the AD schema must be at least 88. (Upgrade an AD FS farm by using Windows Internal Database in Windows Server | Microsoft Learn)

    AD FS 2016 introduced Microsoft Entra multifactor authentication as primary authentication so that OTP codes from the Authenticator App could be used as the first factor. Beginning with AD FS 2019 you can configure external authentication providers as primary authentication factors. (Additional authentication methods with AD FS in Windows Server | Microsoft Learn)

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. billvo 0 Reputation points
    2025-05-13T19:35:15.0366667+00:00

    FBL 4 means the ADFS 2019 feature set. If you run ADFS on a server configured for FBL 3, you should anticipate that the ADFS features added to Windows Server 2019 will not be present.

    Off-hand, I believe these features include certificate authentication and the implicit credential flow for SPA clients. Neither of these is mentioned at the link below, so your mileage may vary.

    https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2019#active-directory-federation-services

    Note however the specific reference to AD FS at the link below:

    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios
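
A read-only pre-flight check for the move discussed in this thread, added here as an example and not part of either answer or of Microsoft's documentation. It compares the farm's current FBL and the AD schema version against the schema minimums quoted in the first answer (85 for AD FS 2016, 88 for AD FS 2019); the `$RequiredSchema` table, `$TargetFbl` and the helper name `Test-SchemaForFbl` are assumptions made for illustration.

```powershell
#Requires -Modules ADFS, ActiveDirectory
# Added example: nothing here changes the farm. Run on an AD FS farm node
# that also has the ActiveDirectory (RSAT) module installed.

# Minimum AD schema objectVersion per farm behavior level, taken from the
# figures quoted in the thread: FBL 3 = AD FS 2016, FBL 4 = AD FS 2019.
$RequiredSchema = @{ 3 = 85; 4 = 88 }
$TargetFbl      = 4   # assumption: the level the asker wants to reach

# Hypothetical helper: does the schema meet the minimum for the given FBL?
function Test-SchemaForFbl {
    param([int]$SchemaVersion, [int]$Fbl, [hashtable]$Map)
    if (-not $Map.ContainsKey($Fbl)) {
        throw "No schema requirement recorded for FBL $Fbl"
    }
    return $SchemaVersion -ge $Map[$Fbl]
}

# Current farm behavior level and the nodes that make up the farm.
$farm = Get-AdfsFarmInformation
Write-Host "Current farm behavior level: $($farm.CurrentFarmBehavior)"
Write-Host "Farm nodes (every node must run the newer OS before raising):"
$farm.FarmNodes | Format-Table -AutoSize

# AD schema version is the objectVersion attribute on the schema naming context.
$schemaNc      = (Get-ADRootDSE).schemaNamingContext
$schemaVersion = (Get-ADObject -Identity $schemaNc -Properties objectVersion).objectVersion
Write-Host "AD schema objectVersion: $schemaVersion"

if ($farm.CurrentFarmBehavior -ge $TargetFbl) {
    Write-Host "Farm is already at FBL $($farm.CurrentFarmBehavior); nothing to raise."
}
elseif (-not (Test-SchemaForFbl -SchemaVersion $schemaVersion -Fbl $TargetFbl -Map $RequiredSchema)) {
    Write-Warning ("Schema {0} is below the minimum {1} for FBL {2}; extend the schema first." -f `
        $schemaVersion, $RequiredSchema[$TargetFbl], $TargetFbl)
}
else {
    Write-Host "Schema meets the minimum for FBL $TargetFbl. Running the built-in raise test:"
    # Test-only cmdlet: reports whether the raise would succeed, without performing it.
    Test-AdfsFarmBehaviorLevelRaise
}
```

Until the level is actually raised, a farm with newer nodes keeps operating at the lower FBL, so the AD FS 2019 features mentioned above stay unavailable even though the binaries are present.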
