Step 5: Configure a federation server with Device Registration Service
Updated: June 24, 2013
Applies To: Windows Server 2012 R2
Configure a federation server with Device Registration Service
You can enable Device Registration Service (DRS) on your federation server after you complete Step 4: Configure a Federation Server. The Device Registration Service provides an onboarding mechanism for single sign-on (SSO) and conditional access to consumers that need access to on-premises company resources. For more information about DRS, see Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications.
Note
You must be logged in with domain administrator permissions in order to complete this procedure.
To enable Device Registration Service
Open a PowerShell command window and type:
Enable-AdfsDeviceRegistration –PrepareActiveDirectoryWhen prompted for a service account, enter the name of the group Member Service Account (gMSA) you selected as the service account for AD FS.
If it is a gMSA account, enter the account in the domain\gMSA$ format. For a domain account, use the format domain\accountname.
Next run the following cmdlet to enable Device Registration Service on each node in the AD FS farm:
Enable-AdfsDeviceRegistration.You should see a message about device registration being successful.