With most Forefront tools now dead, what's an Exchange admin to do?

The new world of networking made most Forefront products irrelevant and will require a different security approach by IT

In September, Microsoft abruptly announced it was discontinuing nearly the entire set of Forefront security tools, including the following:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

Not killed were Forefront Identity Manager and Unified Access Gateway (UAG), both of which Microsoft says it will continue to actively develop.

[ Get ready for Windows Server 2012 with the Windows Server 2012 Deep Dive PDF special report. | Stay atop key Microsoft technologies in our Technology: Microsoft newsletter. ]

What will take the place of these security tools? It's a big question for many IT organizations, which put a good amount of money and time into deploying Forefront tools based on Microsoft's strong sales efforts. Suddenly, they were orphaned products. One comment on a Microsoft forum encapsulates that frustration: "Microsoft invested a lot of time selling us on this product, and we have invested a lot of time implementing and supporting it. To have end of sale announced with little warning and no alternatives just isn't good business practice."

If there's any consolation, it's that Microsoft will provide mainstream support the current Forefront tools until 2016 and extended support until 2020. But that's a small relief.

There's also some comfort if you're using Forefront TMG -- the tool whose discontinuance has caused the most anguish, based on the posts in Microsoft's comments boards -- to protect your Exchange environment: Although there is no TMG upgrade for Exchange 2013, you can still use TMG 2010 with a clean installation of Exchange 2013 via a few tweaks of the TMG 2010 wizard. In fact, the Exchange Team provided a post this week to assist you in doing that. If you have Exchange 2010 now with TMG 2010, you'll also be fine -- especially considering that you won't be able to migrate to Exchange 2013 from Exchange 2010 until some time next year. (If you haven't already purchased TMG 2010, you have only a couple of weeks to do so.)

1 2 Page 1