Thanks for the great article, I wish I had read it last week, but...
Along the lines of what @Jetze said, there is a lot of online documentation which makes statements and recommendations for Exchange 2010.
Like this whitepaper you co-authored http://www.microsoft.com/en-us/download/confirmation.aspx?id=8946
"Therefore it's critical to take measures to ensure that the data is being accessed securely, which means implementing technologies such as certificates, firewalls, enforcing pre-authentication, and device or endpoint validation."
And in the TechNet articles, which I coincidentally read all of earlier this week as we were removing TMG from the equation to make federated gateway work for calendar sharing, they all refer to securing Exchange and enforcing pre-authentication.
Not one of them suggested a scenario where you would directly publish the server through your firewall.
I think it's important that these other documents are updated to reflect the new philosophy before you drive all of your followers insane! Or over the edge, if they were already insane to begin with :)