Since joining the Exchange Customer Experience team a few months ago, a question I'm commonly asked (aside from “When are you taking over the storage calculator from Ross? He’s a busy chap and as the new guy on the team you should help him out so he can take a break now and then.” – these comments added by Ross as a pre-condition to publishing this) is how to increase the security of access to Exchange from the Internet. I’m asked this mainly because I have a particular interest in client access and security aspects of Exchange, and have on many occasions come up against security folks who want to take all the fun out of deploying Exchange, or to put it their way, make things more “secure”.
Well, I’ve gone and written a whitepaper that walks you through the entire process of using either Forefront Threat Management Gateway (TMG) or Unified Access Gateway (UAG) to publish Exchange 2010. It starts by helping you decide whether to use Forefront TMG or UAG, makes sure you get the terminology understood, then provides step-by-step instructions to configuring the environment. It also covers migration considerations, troubleshooting steps and even how to publish ECP, but not Outlook Web App. And if you don’t know why you might want to do that, it even explains that!
I have a few more of these guides underway, and so we will also be publishing guides on how to enable Outlook Anywhere with NTLM through TMG/ UAG, while still benefiting from pre-authentication, how to do certificate-based authentication for mobile devices, and one other paper I’m keeping the subject of under wraps for now, but it promises to be an interesting way to secure remote access, that many of our customers will find interesting.
The guides are a little too detailed to publish as regular pages on TechNet, so we’ll be providing them as downloadable whitepapers. The first of which, “White Paper – Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010 is available.
You Had Me at EHLO.