Possible negative impact (What could go wrong?) Having activated Windows Server installations throughout the Hybrid Identity implementation is important. As they are built using on-premises systems, they are intended to provide the functionality for the full duration of the economic lifetime of these systems (4-5 years). Hybrid Identity deployments are often long and costly implementations. Why look at Windows Activation for Web Application Proxies However, this option can’t be used for Web Application Proxy servers that are non-domain-joined and/or placed on a perimeter network (also commonly referred to as a DMZ network). If your Web Application Proxy servers are domain-joined, you can use Active Directory-based activation to take care of Windows activation.
This blogpost assumes you’re running Web Application Proxies as non-domain-joined Server Core Windows Server 2016 installations. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web Application Proxy servers. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations.
