![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 89%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Microsoft Security | Active Directory Federation Services
Federated identity management using Active Directory Federation Services
The Access Control Policy feature has not changed since its creation. The ADFS on Windows Server 2016 documentation is still accurate on this topic.
The policy can be assigned from the Relying Party Trust section.
If your environment was upgraded from Windows Server 2012 R2 to higher (either to 2016/2019 or directly to 2022) and the Relying Party was created prior this upgrade, it might not display the Access Control Policy window when you click there but this instead:
In that case you can just delete the rules you see there and then apply an Access Control Policy like aforementionned.
You can also backup the current rules in case you want to go back:
Get-AdfsRelyingPartyTrust -Identifier "<your RP id>" | Select-Object -ExpandProperty IssuanceAuthorizationRules | Out-File IssuanceAuthorizationRules.bk
Get-AdfsRelyingPartyTrust -Identifier "<your RP id>" | Select-Object -ExpandProperty AdditionalAuthenticationRules | Out-File AdditionalAuthenticationRules.bk
And you can restore them this way:
Set-AdfsRelyingPartyTrust -TargetIdentifier "<your RD id>" -IssuanceAuthorizationRulesFile IssuanceAuthorizationRules.bk
Set-AdfsRelyingPartyTrust -TargetIdentifier "<your RD id>" -AdditionalAuthenticationRulesFile AdditionalAuthenticationRules.bk