Important Information Regarding Changes to Forefront Product Roadmaps

AnnouncementToday, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.

  1. As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
  2. In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
  3. We are discontinuing any further releases of the following Forefront-branded solutions:
    • Forefront Protection 2010 for Exchange Server (FPE)
    • Forefront Protection 2010 for SharePoint (FPSP)
    • Forefront Security for Office Communications Server (FSOCS)
    • Forefront Threat Management Gateway 2010 (TMG)
    • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

For all the details please see the following:

J.C. Hornbeck | Knowledge Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

App-V Team blog:
ConfigMgr Support Team blog:
DPM Team blog:
MED-V Team blog:
Orchestrator Support Team blog:
Operations Manager Team blog:
SCVMM Team blog:
Server App-V Team blog:
Service Manager Team blog:
System Center Essentials Team blog:
WSUS Support Team blog:

The Forefront Server Protection blog:
The Forefront Endpoint Security blog :
The Forefront Identity Manager blog : support/
The Forefront TMG blog:
The Forefront UAG blog:

Comments (35)

  1. We planned to purchase additional TMG for branches and what now? Buy a product that will not evolve? And where and how to migrate from the well-established infrastructure(VPN/Exchange/SPoint/etc.)?

    I don't understand this attitude towards customers.

  2. What will be the new architecture of enterprise network without TMG and FPE? What and where is a migration map to?

  3. DallasTMG says:

    Are there plans for TMG2013 or other, future, TMG products or is TMG being discontinued altogether?

  4. RBroadley says:

    Could someone please provide a suggested migration map of the capabilities built into TMG for existing customers? Eg reverse web publishing -> MS UAG, boundary firewall -> built-in OS firewalls or third party paroduct, etc.

  5. TSmith says:

    The Sophos (aka astaro) product line seems to have many of the same features.

  6. TMG-Fan says:

    Don't like to year that. However I like TMG2010 and FPE2010 and we use several licenced products in our company…

  7. Jevgenij says:

    We really need migration map for TMG.

  8. The Architect Evangelist says:

    It's moments like this where Microsoft's actions are so confusing and don't add up.

    From the announcement:

        We are discontinuing any further releases of the following Forefront-branded solutions:

    Forefront Protection 2010 for Exchange Server (FPE)

    Forefront Protection 2010 for SharePoint (FPSP)

    Forefront Security for Office Communications Server (FSOCS)

    Forefront Threat Management Gateway 2010 (TMG)

    Forefront Threat Management Gateway Web Protection Services (TMG WPS)


    "It is important to note that there are no significant changes to the Forefront Identity Manager or Forefront Unified Access Gateway roadmaps.  These solutions continue to be actively developed.  Forefront UAG 2010 SP2 was released in August 2012 and Forefront Identity Manager 2010 R2 was release in June 2012. "

    In summary they are dropping TMG and keeping UAG, but…. UAG uses TMG…

    “By default, Forefront Threat Management Gateway (TMG) is installing during Forefront Unified Access Gateway (UAG) Setup. Forefront TMG is installed as a complete product, and is not modified to run on a Forefront UAG server.” –…/ee522953.aspx

    Using this logic TMG continues under the UAG roadmap… or the Forefront Product Teams don't have a grasp on their own products.

  9. paul says:

    Another baited hook for Microsoft users.  Keep this up MS, and will be forced to leave you.

  10. Dan_IT says:

    stupid thing to drop TMG

  11. Infrastructure Architect says:

    My company uses ISA and TMG all over the place, reverse proxy, forward proxy and firewall features.

    what a daft decision to kill TMG, but keep UAG, the most buggy product ever.

    I am at a loss as to what one replaces it with. Any suggestions?

  12. Agentsmith73 says:

    What should our customers with Full-Featured Deployments (incl. 3rd-Party ISAPI-Solutions) and Firewall-Client/-Service (THE big advantage for transparent, authenticated outbound access for tcp/udp-Connection) migrate to ? I CAN´T BELIEVE that all the features and techniques that TMG provides play no role in your shiny new On-Premises-Cloud-world ….

    Maybe it would be a good idea to provide a migration path / evolutionary road FIRST and then discontinue / cancel core products in such an important area – SECURITY !



  13. TMG-Fanboy says:

    Sadly, that's the proof of often heard critics: you can't do IT-Security.

    Shame on you in discontinuing this absolutely great product! May the cloud rain no $ on you.


  14. dann23 says:

    It a shame that TMG is killed.

  15. Ser says:

    So: Can we expect the quality of the web reputation service queries to start getting worse and worse, or is this service still being used in other MS products that will continue?

    This whole thing is a shame, as we switched off of Websense not long ago, because the filtering in TMG was good enough for our needs.

  16. TMG user says:

    it seems that we have to use linux. there is no alternative for tmg on windows systems. if M$ will kill good products this way maybe we'll start to use linux on desktop too.

  17. sa customers says:

    So what happens to the SA I have been paying on Forefront TMG? Do I get a different product that doesn't do what I need it do or is there a refund cheque in the mail?

  18. Anthony says:

    It's sad that they are killing this product.  I have using it as our go to firewall for 8 years now.  I'm happy with what it does.  Now I'm looking at Cisco ASA for my firewall needs and Websense for filtering.  In other words $$$$

  19. Chumley says:

    It's crazy because TMG offers some fairly unique functionality as a solid authentication reverse proxy. I've worked at and with a number of large companies that use TMG, none of whom used UAG. Moreover, UAG is not as good as other SSL-VPN products, such as Juniper SA and is modeled for a different market.. If Microsoft think that UAG can address the use cases that TMG does, with the licensing model they use, together with UAG baggage, lowered security (EAL4 for TMG v EAL2 for UAG) and expect people to adopt it, they're deluding themselves…

    Terrible decision… even worse than including the "interface formely known as Metro" in Server 2012.

  20. Richard says:

    I was absolutely stunned when I read the news about TMG being discontinued. Like many others I love the product for its great features at a reasonable price. TMG is a firewall, proxy, reverse proxy and malware filtering solution in one. So one thing went straight to my head; what do we need to offer our customers from now on when they ask for  a solution providing all those features? Three different products (from different vendors)? Or a firewall appliance with expensive add-on modules? It definitely will be a solution which doesn't integrate as well as TMG does in Microsoft-based environments.

    Come on Microsoft, you must be kidding us. Please change your mind as you're disappointing many, I say _MANY_ customers who trusted you since Proxy/ ISA Server.

  21. sat says:

    +1 to above comment by Richard.  I was due to deploy TMG for a client this month alongside Ex2010.  Not now though. Same question over and over the interweb:  what acts as the replacement?  Tony Redmond on his blog seems to think that vendors such as KEMP are watching this space closely as it wouldn't take much to package the reverse proxy etc etc into other offerings.  They did a great job with HLBs for CAS servers.…/microsofts-new-security-product-strategy

  22. Well, very good idea to kill TMG, if you want to loose some of you biggest partners like my company. As the result of these, we stoped many projects where we planed to install tmg and Uag for our coustumer. Now we install solutions like this from other partners. Nice Job Microsoft, i calculated you loose 2,112,000 US Dollar from License only in these projekts but many other will follw.

    Security is one of the most important things in the IT, TMG is a very good reverse and "normal" proxy . The next Projekt, it will start in Nov 2012, we will install Cisco and Genua Solutions istead of TMG, also we will Change the Websolutions from Sharepoint to an Other Product. Please Calculate what you loose on your own : 32 * Windows Server 2008 Enterprise, 10 * TMG Enterprise, 4 * UAG Enterprise, Rest Sharepoint. 13,200 User cals …. and so on ….

  23. Crand says:

    You know what this means to me? FREE TMG FOR MY CUSTOMERS!!!! YAY!!!!

  24. TDR says:

    Maybe Microsoft are planing to buy someone else in this space….

  25. Eric says:

    Almost three weeks have passed since Microsoft dropped this news on their "Server & Cloud Blog". This news only is bad enough. But this silence since then is even worse, I do not know what to tell my customers.

    Please name us an alternative to do forwarding proxy with integrated authentication (just to name one feature)


  26. oldmfors says:

    ..and now it's almost four weeks. Dropping news like that and then not following up on legitimate questions from real customers just shows a lack of respect. Come on Microsoft, can you please elaborate on your plans? Will some of the TMG features be picked up by UAG? Will there be some form of compensation for SA customers now that the value of the SA subscription is lowered?

  27. MicrosoftWakeUp!!! says:

    You are killing one of the most loved products withou any information about replacement!

    We us TMG also to protect our whole cloud infrastructure we are providing for thousands of customers.

    Customers feel very secure behind TMG.. so why the hell do you discontinue one of the promissing products you ever made?

  28. WTF says:

    Can Microsoft please advise its customers how they are supposed to tackle the problems that discontinuing TMG will have for future deployments. We deploy a large amount of infrastructures to schools and use TMG to publish OWA and SharePoint externally rather than publishing the CAS and SPFE servers directly. How would Microsoft propose that we get around this massive problem without having to increase costs substantially for our customers?

  29. Andrew angiolini says:

    the decision to eliminate tmg is really stupid was a great product for firewalls, proxies, etc..

    I tested UAG and is a product ridiculous buggy

  30. JTF says:

    MICROSOFT – Why has no one replied to the many comments on this. What is the suggested road map/path for people to take who use or were going to use TMG?

  31. TECHKat says:

    We have been using Forefront TMG / ISA since it was released several years back with great success, and are happy to report that we've had no major security incidents on our network. for the past 12 years.  Discovering yesterday that the product has been discontinued (when I went to renew our VLA for malware filter) with no roadmap is of great stress on our non-profit agency's limited budget.  We are now facing not only expensive security consulting but also a re-design of our entire infrastructure wrapped our Forefront TMG publishing rules.  We have been 99% Microsoft for over a decade and are not a happy customer.  

  32. TMG was a great product.  Used ISA for years.  How there is no replacement or posts that say here is is how we want you to do it now really sucks,

    I can't think of one good reason TMG was killed.

    Nobody really liked UAG

  33. MS Fan says:

    Does anyone in the product group or anyone from Microsoft can answer that will change in roadmapie security products.
    Will there be a successor TMG?? …. So really the whole point of rewriting the TCP stack in WIN 2012 Server R2

  34. sanjay says:

    Our 3000 Clients moved to Open source solutions, because Microsoft discontinue the MS products frequently and very expensive products. No one like to go on cloud for the products which can be implemented on-premises. Damn! Our 9000 hosting users moved
    from Exchange and O365 to Zimbra other Mail solutions. Our System admins learning Linux… Whats going on Microsoft???

  35. Андрей says:

    Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition Дата начала жизненного цикла 17.10.2006 так конечно дата окончания расширенной поддержки 10.01.2017.Сделайте хотя бы дату окончания расширенной поддержки Forefront продукта в 2021 году:)

Skip to main content