Using Workplace Join and a Web Application Proxy

In order to have Workplace Join working, double-check the following:

  • Outside of your company network (aka “the internet”)
    Ping “”, it should resolve to the IP of your Web Application Proxy.
    • If case no IP is resolved, edit your public domains DNS zone and add a CNAME “enterpriseregistration” pointing to your Web Application Proxy servername.
  • RDP into your Web Application Proxy and ping “”
    • If ping fails, edit your hosts file.
  • RDP into your Web Application Proxy, open a browser and enter:

You should get a response:


From an external non-domain joined client:

  • Import the root CA certificate in case you are using self-signed certificates on the ADFS server
  • Open a browser and navigate to

  • In case you get a response, Workplace Join should work.
    • In case it doesn’t: RDP to your Web Application Proxy and add a Published Web Application like shown in the screenshot below

Consider leaving a reply in case this post helped you. Thanks!

Comments (1)

  1. Daniel Jones says:

    I have been reviewing the capabilities of NDES and the integration of BYOD. The question I have is, would it be possible to have direct access and/or work place join for MAC devices without using a MDM? I was hoping for a Office 365 or Azure AD Premium
    solution leveraging ADFS. I also want to mention what when I explore the Office 365 capabilities it always refers to a token, can we place a certificate on the systems to allow on premises access via a VPN or a direct access solution?

Skip to main content