Yes, AD FS handles authentication and authorization for WAP. Web Application Proxy is a component of Cloud Edge Security.
It was removed as an AD FS role service and added to Remote Access as a role service that is now called Web Application Proxy.
AD FS can leverage several types of data for authentication, including user identity, group membership, location, and device to control access to resources.
Yes, AD FS can use the Windows Internal Database or SQL Server®.
Discussing the different version of AD FS would make for a long topic. Probably the most relevant thing to note is that Windows Server® 2012 R2 includes the latest version (3.0) as a role that can be installed through a wizard in the Server Manager. Version 3.0 allows options for customization, improved user access management, […]
Workplace Join is the function that allows users to register devices with the domain through the Device Registration Service. This allows the devices to access resources hosted in the domain.
DRS is a feature of AD FS that facilitates Workplace Join, which allows users to register devices to be known entities to the domain. DRS creates a device object in an AD user account and issues a certificate to the device that represents its identity when authenticating to the domain.
It designates a service provider as a partner organization for AD FS. The service provider is a relying party that AD FS will trust authentication requests from. For example, AD FS can trust authentication requests from Salesforce when there is a relying party trust.
An identity provider authenticates a user to a service provider. For example, a user can use Active Directory credentials to access Salesforce.
To answer this fully would make for a very long list. But a few examples include SharePoint®, Office 365TM, AzureTM, Amazon Web Services, Google DocsTM, PeopleSoft®, and Salesforce®.