Forefront Product Roadmap Changes: Partner FAQ and Clarifications

Woody Walton 2010

Woody Walton


I was sad to see, like many of you, that the changes announced to our Forefront product roadmap on September 12th here included the sunset of one of my favorite security products from Microsoft, Forefront Threat Management Gateway (TMG), formerly ISA server.  This product had a strong history in the SMB space due to its inclusion in several of the versions of Small Business Server over the years.  This has been made pretty clear in MANY blogs by now, but I have included a brief list of affected products below in addition to TMG.


We are discontinuing any further releases of the following Forefront-branded solutions:

    • Forefront Protection 2010 for Exchange Server (FPE)
    • Forefront Protection 2010 for SharePoint (FPSP)
    • Forefront Security for Office Communications Server (FSOCS)
    • Forefront Threat Management Gateway 2010 (TMG)
    • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

The Blog post goes on to detail the way in which these products will be supported in the future, adhering to our typical product support lifecycle.


I was amazed by how much this seemed to surprise people based on the fact there has been rumblings of this move for 16 months. See Mary Jo Foley’s post “Did Microsoft just pull the plug on its secure Web gateway product?” from June 1, 2011.


Nothing I have mentioned is new to this point, so why am I bringing this up when it is three week old news?  Well, for two reasons.


1.)  No one to my knowledge has mentioned there is a comprehensive Partner FAQ.

The Forefront Product Roadmap Changes Partner FAQ discusses many aspects of the roadmap changes including:

  • Licensing availability (and implications) of the products to be discontinued
    • You can continue to purchase licenses for the discontinued Forefront products through Nov. 30, 2012. As of Dec. 1, 2012, these products will be removed from the price list).
  • Alternative solutions are mentioned.
    • In the case of Forefront TMG, they are made available from Bluecoat, Cisco, Juniper, and Websense when the workload cannot be moved to Forefront UAG.

There are mini FAQs within the 6 page document on each Forefront product affected.  A good read.


2.) There seems to be a certain amount of anxiety over what (other) solutions are affected with certain partners I have chatted with in the last few weeks.

While at partner events in several areas of the country these last few weeks I have been asked about these changes and if they impact technology or solution “X”.  The roadmap statements are clear. The Partner FAQ explicitly states there is no change to the UAG roadmap. Forefront UAG 2010 SP2 was released in August 2012, and there is no change to the FIM roadmap. FIM 2010 R2 and the Microsoft BHOLD Suite were released in June 2012.

Perhaps the confusion is an indictment of the brand clarity of Forefront or just the simple matter Microsoft has a lot of solutions across multiple brands like Forefront, Windows, System Center, etc. that relate to security in some way.  I cannot be sure.  …One partner asked me on Thursday if the changes to the Forefront lineup would mean Network Access Protection (NAP) was being discontinued!  I put his fears to rest as NAP is a component of Windows Server 2012 and can certainly still be deployed leveraging the Network Policy and Access Services role, more specifically the Network Policy Server (NPS) role service.  The comment I would make here is we tend to highlight the new or greatly enhanced capabilities in new product releases (ex. Direct Access) which can sometimes drown out highly useful standby technologies like NAP.

I think the most important thing to derive from the announcements is that we are making these changes for a good reason.  Here is what we stated out of the gate:

Microsoft has evolved its approach to security for core workloads in response to customer demand, continued increases in security threats, and feedback about Microsoft products and services. We have made an effort to better align our protection assets with the workloads they protect. The changes to the Forefront roadmaps are a result of these efforts.



I hope the FAQ is useful to you.








Comments (2)

  1. Forefront TMG was recommended to use with Lync 2010 as a Reverse Proxy.  Do you know what is recommended now?

  2. only an Admin says:

    Hi, well I have to say thank you for your "not so good" Idea to stop TMG . From the point you chnage your roadmap till now we spend about 14.000.000 € to products from other companies like GeNua to replace the TMG und also the UAG (cause the TMG is the security for the UAG). In the next step we will replace about 19 Sharepointfarms by an other product, cause our customer do not longer trust in a company that stopped a main product like this, perharps in 2 or 3 years you will stop Exchange and Sharepoint too, so we will now switch to software of other companies. In my calculation it is about 25 .000.000 Licens costs this year only from our company, you loose. You told us, with the local FW on server 2012 you can ….. sorry, that is security by th 80´s there is no way to implement application layer filtering and no good way for a central administration like it is on a TMG or any other layer 4/7 Firewall. Google and Apple must be very happy about your way to make buissenes also checkpoint, cisco , bluecoat and all the other.

    Fire the Manager who take this decision and say sorry to your customer , or I think in teh next 5 Years you will loose many of customer.

    Sorry for my bad english, have a nice day

Skip to main content