Are there any plans for Exchange services, ActiveSync in particular, to support Workplace Join (device registration services) and claims? I've been reading up on using Device Registration Services as a second factor for authentication, and it looks promising. Right now, we don't have any use for ADFS in our organization since we are not using claims aware applications, but we may in the future. Currently we are looking to provide Exchange services to personal devices, but we have security requirements for two-factor authentication. SSO capabilities would also be a nice addition. It looks like Device Registration Services will provide that, but as of now, ActiveSync does not support DRS or even claims authorization. From what I understand, DRS and ADFS provides applications the ability to authorize users based on registered devices properties in Active Directory and user claims tokens. This would be nice if ActiveSync can support DRS. Even without claims authorization support, ActiveSync does support Certificate Authentication, which is good, but not as convenient and easy to manage as claims.

• Edited by Brandon.M Friday, February 21, 2014 10:01 PM
• Moved by Simon_WuMicrosoft contingent staff, Moderator Monday, February 24, 2014 8:49 AM

Ok. I don't really follow Exchange. I am more of an infrastructure and web app specialist. I thought I would ask just in case I missed some announcement about an upcoming Exchange release.

I spoke with a Microsoft speaker at TechEd about this and he stated that OWA supports claims in Exchange 2013. Claims support for ActiveSync will be added in a future release.

• Marked as answer by Brandon.M 17 hours 4 minutes ago