Wednesday, 12 September 2012

Important Changes to the Microsoft Forefront Product Roadmap

Microsoft has recently announced publically the future roadmap for various Forefront products which can be found here: Important Changes to Forefront Roadmaps 

So, with a focus on Forefront TMG and Forefront UAG for this post, we can summarise the public announcement as follows:

Forefront TMG

  • There will be no further releases of the Forefront TMG product (or service packs).
  • Forefront TMG mainstream support will end on April 14, 2015 and extended support will end April 14, 2020.
  • Forefront TMG Web Protection Services (WPS) subscriptions will continue to be supported until December 31, 2015.
  • As of December 1, 2012, Forefront TMG will be removed from the price list and will not be available for purchase.
  • For customers using Forefront TMG for caching, secure web gateway, and firewall scenarios, there is no Microsoft equivalent that can be migrated to at the end of the extended support period.
  • Most web publishing scenarios that are supported by TMG can be published by UAG, including SharePoint and Exchange. In addition, UAG provides many additional publishing scenarios with federated authentication and granular authorisation policies.
  • VPN capabilities previously provided by Forefront TMG can be provided by the Unified Remote Access (URA) features of Windows Server 2012 (or UAG for SSL VPN).

Forefront UAG

  • There is no change to the UAG roadmap.UAG continues to be actively developed as seen by the recent release of UAG Service Pack 2 in August 2012.

So finally, we have an answer on the future of Forefront TMG and Forefront UAG products. In many ways it is a great shame to see such a well engineered, community supported and customer admired product like Forefront TMG finally laid to rest, but I guess things move on unfortunately. It will be interesting to see how UAG continues to be actively developed over time. If you haven’t looked at Forefront UAG, it may be worth brushing up your skills (or consultancy relationships) if you currently use Forefront TMG for reverse proxy or remote access scenarios. End of an era…you betcha!


  1. Hi Jason,
    ever since Gartner Group published the cryptic M$-Statement about TMG in the magic quadrant (let me recall M$´s words) "not competing in that competitive area" i´ve been wondering what their strategy on an equivalent on "Safe-Client-Internet-Access" is ? The only scenario, where this makes sense is - "There IS no such thing as a safe environment (e.g. Intranet) for clients anyway so why bother about sthg. like an outbound gateway" - But in the end this assumes all the advanced protection (especially with 3rd-Party-ISAPI-solutions) taking place on TMG today is transferred to each client .... In an ideal world we would be there already .... but i guess some of our clients are not ... quite ....;-)


  2. Hi Jason,

    Great post as always - Don't suppose you have any ideas on what MS are planning on doing for EAS and Certificate based auth when TMG gets laid to rest do you? As you know UAG doesn't currently support that option and with MS pushing customers down the UAG route for publishing I suspect that they will have to implement some sort of feature set in a UAG Service Pack or something?

    All the best! :)

    1. Yeah that is one of the elements that is covered in the migrating from TMG to UAG blog post I published today. Not that many people actually know about that one ;)

      I assume there may be a few TMG-esque features that may/will need to be added to UAG but not sure if MS plans to do that or not...

  3. This sucks. Why drop a capability that was gaining significant interest?