Using Workplace Join and a Web Application Proxy


To get Workplace Join working through the Web Application Proxy, double-check the following:

  • Outside of your company network (aka “the internet”)
    Ping “enterpriseregistration.yourpublicdomain.com”; it should resolve to the IP of your Web Application Proxy.
    • In case no IP is resolved, edit your public domain’s DNS zone and add a CNAME “enterpriseregistration” pointing to your Web Application Proxy server name.
  • RDP into your Web Application Proxy and ping “enterpriseregistration.yourpublicdomain.com”
    • If the ping fails, edit the hosts file on the Web Application Proxy.
  • RDP into your Web Application Proxy, open a browser and enter:

https://enterpriseregistration.EXTERNALDOMAIN.com/EnrollmentServer/contract?api-version=1.0

You should get a response:

(screenshot: response from the EnrollmentServer contract endpoint)

From an external non-domain joined client:

  • Import the root CA certificate in case you are using self-signed certificates on the ADFS server
  • Open a browser and navigate to

https://enterpriseregistration.EXTERNALDOMAIN.com/EnrollmentServer/contract?api-version=1.0

  • In case you get a response, Workplace Join should work.
    • In case it doesn’t: RDP to your Web Application Proxy and add a Published Web Application as shown in the screenshot below

(screenshot: Published Web Application for enterpriseregistration in the Web Application Proxy console)
 
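The checks above, scripted as an added example (this is not code from the original post). It assumes the placeholders $PublicDomain and $WapPublicIp are replaced with your own values, runs on Windows Server 2012 R2 or later (Resolve-DnsName and Test-NetConnection), and deliberately does not bypass certificate validation, so a trust error points you back at importing the root CA:

```powershell
# Added example: automate the Workplace Join / WAP checklist from this post.
# Placeholders (assumptions): replace with your public domain and WAP address.
param(
    [string]$PublicDomain = 'yourpublicdomain.com',   # placeholder
    [string]$WapPublicIp  = '203.0.113.10'            # placeholder (documentation range)
)

$drsHost     = "enterpriseregistration.$PublicDomain"
$contractUrl = "https://$drsHost/EnrollmentServer/contract?api-version=1.0"

# Check 1: does the public name resolve, and does it land on the WAP address?
$records  = Resolve-DnsName -Name $drsHost -Type A -DnsOnly -ErrorAction SilentlyContinue
$aRecords = @($records | Where-Object { $_.Type -eq 'A' })
if ($aRecords.Count -eq 0) {
    Write-Warning "$drsHost does not resolve. Add a CNAME 'enterpriseregistration' in the $PublicDomain zone pointing at the WAP host name."
} elseif ($aRecords.IPAddress -notcontains $WapPublicIp) {
    Write-Warning "$drsHost resolves to $($aRecords.IPAddress -join ', '), not the WAP address $WapPublicIp."
} else {
    Write-Host "DNS OK: $drsHost -> $WapPublicIp"
}

# Check 2: is TCP 443 reachable? WAP publishes the registration service over HTTPS only.
$tcp = Test-NetConnection -ComputerName $drsHost -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP 443 to $drsHost failed; check the firewall/NAT in front of the WAP."
}

# Check 3: fetch the contract document, exactly as the browser test in the post does.
try {
    $resp = Invoke-WebRequest -Uri $contractUrl -UseBasicParsing -ErrorAction Stop
    $null = $resp.Content | ConvertFrom-Json   # the endpoint answers with JSON
    Write-Host "Contract endpoint answered HTTP $($resp.StatusCode) with JSON; Workplace Join should work."
} catch {
    $msg = $_.Exception.Message
    if ($msg -match 'trust relationship|SSL|TLS|certificate') {
        # Do NOT disable certificate checks to get past this; import the ADFS root CA instead.
        Write-Warning "TLS trust failure: import the root CA that issued the ADFS certificate on this client. ($msg)"
    } elseif ($msg -match '404|Not Found|503') {
        Write-Warning "Endpoint not published: add https://$drsHost/ as a Published Web Application (pass-through) on the WAP. ($msg)"
    } else {
        Write-Warning "Contract request failed: $msg"
    }
}
```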
Consider leaving a reply in case this post helped you. Thanks!


Comments (2)

  1. Anonymous says:

    My role has previously primarily focused on Microsoft Intune, nowadays it’s more towards our whole Enterprise

  2. Daniel Jones says:

    I have been reviewing the capabilities of NDES and the integration of BYOD. The question I have is, would it be possible to have DirectAccess and/or Workplace Join for Mac devices without using an MDM? I was hoping for an Office 365 or Azure AD Premium
    solution leveraging ADFS. I also want to mention that when I explore the Office 365 capabilities it always refers to a token; can we place a certificate on the systems to allow on-premises access via a VPN or a DirectAccess solution?
