Archive for December, 2010

Publishing Office Communication Server and Communicator Web Access with UAG

December 29th, 2010 Comments off

Publishing Office Communication Server (OCS) and Communicator Web Access (CWA) with UAG has been a source of confusion for some UAG customers, mostly because these products offer a wide range of functionality. Some of this is pretty simple to configure, and some takes more planning.

When planning OCS publishing with UAG, one must take into consideration the fact that OCS has many features, functions and roles. Not all of them were planned with publishing in mind, and UAG was not designed to publish all the features either. Essentially, UAG includes a special template for Communicator Web Access (CWA) 2007; for other features, UAG does not include built-in functionality, and something “else” needs to be used.

Virtually any firewall product in the market can be used to publish internal servers to the outside world. Some companies may refer to this as “port forwarding” or “Reverse-proxying”, or even simply as “routing”. At Microsoft, we divide this sort of functionality into two categories. The 1st is “Web publishing”, in which an edge device gives computers on the internet access to web servers inside the organizational network. The 2nd is “Server publishing”, in which the access is to services that are not necessarily web services (for example, RDP access). The difference is that web services are a narrow type of service, which is very clearly defined. This clear definition allows us to offer additional features that go beyond just moving the packets from one “side” to the other. For example, with Web Publishing, we can do more advanced content inspection, and can block certain file-types from being transferred.

If you purchased UAG to publish certain applications, there is a good chance you’d prefer not to purchase any additional devices to publish the non-web OCS features, and the good news is that UAG does, in fact, include something else…TMG! If you have read your documentation carefully or have ever spoken to Microsoft Customer Support, you are probably aware that trying to use the UAG server for “other” things is not supported. You’re not supposed to tack on an additional website on the IIS that’s on UAG to publish your cafeteria’s lunch menu, or use the SQL that’s there to store your inventory database. We do, however, allow for a certain, limited list of things to be done with TMG, as stated here in the support boundaries for UAG (http://technet.microsoft.com/en-us/library/ee522953.aspx). This list includes publishing OCS features other than CWA.

When you publish something with TMG, you select whether you want to use Web Publishing or Server publishing by the type of task you select in the task list. There are actually some more variations for types of publishing, but for our purposes, the “Publish Non-Web Server” is the relevant one for OCS’s features. Using this wizard will allow you to specify which ports you need to publish, which depends on the type of service you need to publish. For example, you may need to publish port 5063 for incoming SIP listening requests or port 8057 for direct PSOM connections from Live Meeting clients.

[image]

I will not cover this in high detail here, as this blog is about UAG, but you can read more about server publishing in one of many books that are available about TMG, such as this one. For more information about ports used by OCS, refer to this article.

To publish CWA itself using UAG, what you need to know is that CWA needs to be published as a non-HAT application (a.k.a AAM-Like application). If you are not familiar with HAT and what it does, you might want to take a peek at this blog post. Like SharePoint, CWA cannot be published with the HAT mechanism, and requires its own public hostname, which brings the following considerations into play:

1. The public hostname needs to be based on the same public domain you are using for your UAG trunk. For example, if your trunk is published as https://uag.contoso.com, then you need to use something like https://*.contoso.com for CWA.

2. If your UAG trunk is an HTTPS trunk, it has to have a certificate, and that certificate needs to certify both the trunk’s hostname and the CWA’s. Most UAG customers use a wildcard certificate for this, and others prefer a more economic SAN certificate. I should mention that wildcard certs don’t have to cost an arm and a leg. Some websites like http://www.sslcatacombnetworking.com and http://www.rapidssl.com offer them for as low as $199 a year.

3. Both hostnames need to be publicly resolvable to the UAG trunk’s external IP. This is not absolutely mandatory, as you can use static HOSTS file entries on your client computer, but if your intended audience is the general public, setting up the DNS correctly is very important.

4. The authentication settings on the CWA server need to be adjusted to allow UAG to perform Single-Sign-On. With UAG, you need to publish the “External” CWA site, and use custom authentication, as described in the lab guide http://www.microsoft.com/downloads/en/confirmation.aspx?FamilyID=0e21123a-8452-4b25-8cde-57f750cd7803

[image]

So, the 1st step is to choose the name that you want to use. The 2nd is changing your certificate, if you are using an HTTPS trunk and your current cert is not a SAN or Wildcard cert. The 3rd step is to add the appropriate host name to your domain’s public DNS server. The 4th step is to adjust the CWA site settings, or re-publish it according to the specifics in the above-mentioned guide. Once this is done, you can start the UAG wizard.
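The first three considerations can be checked before starting the wizard. The following is an added example, not part of the original post or of UAG: it assumes you have already collected the certificate's subject names and the public DNS answers, and the function names, result codes and the 203.0.113.10 address are constructed for illustration.

```python
"""Pre-flight check for publishing CWA on its own hostname behind a UAG trunk."""


def wildcard_match(pattern, host):
    """Certificate name match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # '*.contoso.com' never covers 'a.b.contoso.com'
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' is never accepted.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def parent_domain(host):
    """Everything after the first label, e.g. 'uag.contoso.com' -> 'contoso.com'."""
    return ".".join(host.lower().rstrip(".").split(".")[1:])


def cert_covers(cert_names, host):
    """True if any subject/SAN name on the trunk certificate certifies the host."""
    return any(wildcard_match(name, host) for name in cert_names)


def check_publishing(trunk_host, cwa_host, cert_names, dns_records, trunk_ip):
    """Return a list of problem codes; an empty list means items 1-3 are satisfied.

    cert_names  : names taken from the trunk certificate (CN and SAN entries)
    dns_records : mapping of hostname -> set of public A records
    trunk_ip    : external IP address of the UAG trunk
    """
    problems = []
    # Item 1: the CWA hostname must sit under the same public domain as the trunk.
    if parent_domain(trunk_host) != parent_domain(cwa_host):
        problems.append("domain-mismatch")
    for host in (trunk_host, cwa_host):
        # Item 2: the trunk certificate must certify both hostnames.
        if not cert_covers(cert_names, host):
            problems.append("cert-missing:" + host)
        # Item 3: both hostnames must resolve to the trunk's external IP.
        if trunk_ip not in dns_records.get(host, ()):
            problems.append("dns:" + host)
    return problems


if __name__ == "__main__":
    # Constructed sample data: a SAN certificate that was never reissued for CWA.
    dns = {"uag.contoso.com": {"203.0.113.10"}, "cwa.contoso.com": {"203.0.113.10"}}
    print(check_publishing("uag.contoso.com", "cwa.contoso.com",
                           ["uag.contoso.com"], dns, "203.0.113.10"))
```

Note that a wildcard certificate for the trunk's domain covers only one extra label, so a CWA name such as im.cwa.contoso.com would fail both the domain and the certificate check.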

On the UAG application wizard, the key element is setting the public host name in step 5 of the wizard:

[image]

Setting the internal website is also important, because that tells UAG which internal server to talk to. That server has to be resolvable and reachable on the appropriate ports. This part is no different than publishing other applications, but some users are iffy about it still. In case the publishing does not work, one of the first troubleshooting steps would be to try to access the server directly from the UAG server (open a browser on the UAG server, and browse to http://CWA01/quicksignin, in our case). If it does not work from UAG, it cannot work through UAG.

Blog Post written by Ben Ari

Categories: Uncategorized Tags:

New rollups released for TMG 2010 and ISA 2006

December 29th, 2010 Comments off

We would like to inform you that we have released two new rollups.

 

Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

We have released Software Update 1 Rollup 2. More information about the rollup is available in the following KB article- http://support.microsoft.com/kb/2475183

 

ISA Server 2006 SP1 Hotfix Package

We have released a Hotfix Package for ISA Server 2006 SP1. More information is available in the following KB article – http://support.microsoft.com/kb/2475184

 

Availability

If you are affected by one of the symptoms described in the articles above, you can request access to the hotfix by pressing a link in the article (similar to the one in the picture below):

[image]

These fixes will also be included in the next service pack released for these products.

 

Seasons greetings and happy new year,

The Forefront Threat Management Gateway team

Categories: Uncategorized Tags:

Quick Tip: Understanding TMG Client 64 bits Behavior

December 28th, 2010 Comments off

Have you ever wondered why Forefront TMG Client processes (FwcAgent.exe, FwcMgmt.exe) show up in Task Manager as 32-bit processes, as shown in the figure below?

[image]

Many Firewall Admins start wondering why this happens even when they know that Forefront TMG Client is a full 64bit application. The answer is: this is an expected behavior. The Forefront TMG Client package supports both 32- and 64-bit versions of Windows and on 64-bit Windows supports both 32- and 64-bit processes. The FwcMgmt.exe and FwcAgent.exe processes do not use any of the capabilities that are only available for 64-bit processes (e.g. larger memory space) so it was decided that having both 32-bit and 64-bit flavors is not worth the effort. However, it is important to notice that Forefront TMG Client includes a WinSock Layered Service Provider component, which is loaded inproc by WinSock applications and therefore must have the same “bit-ness” as the application. Hence there are two WinSock Layered Service Provider DLLs, FwcWsp.dll and FwcWsp64.dll, supporting 32-bit and 64-bit applications, respectively:

 

c:\>filever "c:\Program Files (x86)\Forefront TMG Client\FwcWsp64.dll"
--a-- Wx64 DLL ENU 7.0.7734.100 shp 356,848 10-14-2009 fwcwsp64.dll

c:\>filever "c:\Program Files (x86)\Forefront TMG Client\FwcWsp.dll"
--a-- W32i DLL ENU 7.0.7734.100 shp 348,560 10-14-2009 fwcwsp.dll

The “bit-ness” of the FWC processes (management tools) does not have to match the “bit-ness” of any application and hence having them 32-bit is good enough.

Author
Oved Itzhak
Senior SDE
Microsoft Forefront TMG Team

Technical Reviewers
Yuri Diogenes
Sr Security Support Escalation Engineer
Microsoft CSS Forefront Security Edge Team

Ori Yosefi
Senior Program Manager
Microsoft Forefront TMG Team

Categories: TMG Client Tags:

Reasons to Migrate from ISA Server 2006 to Forefront TMG 2010

December 26th, 2010 Comments off

We know there are many customers who are extremely happy with ISA Server 2006 and have been putting off migration to Forefront TMG 2010. As 2010 is coming to an end, we think you should include migration to TMG 2010 as one of your new year resolutions.

This post will focus on showing you why and help you learn more about Forefront TMG 2010.

 

Value Proposition: Microsoft Secure Web Gateway with Forefront TMG 2010

Forefront Threat Management Gateway allows employees to safely and productively use the Internet without worrying about malware and other threats. It provides multiple layers of continuously updated protections against the latest Web-based threats, including URL filtering, antimalware inspection, and intrusion prevention.

 

Microsoft Forefront TMG Core Capabilities

Microsoft Forefront TMG 2010 is positioned as a Secure Web Gateway. The core new features of this product are:

  • URL filtering: improves blocking of malicious or inappropriate sites using aggregated data from multiple URL filtering vendors and the anti-phishing and malware technologies that also protect Internet Explorer 8 users.
  • HTTPS Inspection: inspect outbound HTTPS traffic in order to protect your organization from security risks inherent to Secure Sockets Layer (SSL) tunnels, such as viruses and other malicious content that could infiltrate the organization undetected.
  • Intrusion Prevention (NIS): Protects against browser-based and other Microsoft vulnerabilities.
  • Web anti-malware: Provides highly accurate malware detection with the same world-class engine that is used by Microsoft Security Essentials and Microsoft Forefront products.
  • Support for Windows Server 2008 R2 (x64): first Microsoft Edge protection product that leverages the scalability and increased memory space improvements of the Windows 64 bit platform.

 

ISA Server 200X Capabilities

ISA Server 200x doesn’t offer the same Secure Web Gateway capabilities that Forefront TMG offers. ISA Server 200x is commonly used in a Proxy (forward and reverse) type of scenario. Forefront TMG inherits all the ISA Server 2006 capabilities and adds new features to provide more comprehensive protection, while providing a seamless migration path.

Side by Side Comparison

Use the table below to compare ISA 2006 to TMG 2010 feature wise:

[image]

What you can do on TMG that you cannot do on ISA

Back in May 2010 I wrote a post on my personal blog where I covered some common scenarios where customers commonly ask if they can use ISA. I selected the top 5 scenarios where there is a real need in the environment, however such a need cannot be answered by ISA Server. The good news is that it can definitely be answered with TMG. Check the full article at http://blogs.technet.com/b/yuridiogenes/archive/2010/05/28/can-i-do-this-on-isa-server-no-but-you-can-with-tmg.aspx

Learn more about Forefront TMG 2010

Below are some resources that are available for learning about and trying Forefront TMG 2010:

Author

Yuri Diogenes

Sr Security Support Escalation Engineer

Microsoft CSS Forefront Security Edge Team

 

Reviewer

Ori Yosefi

Senior Program Manager

Microsoft Forefront Threat Management Gateway Team

Categories: Uncategorized Tags:

Microsoft Releases Security Advisory 2488013

December 22nd, 2010 Comments off

Hello,

Today we released Security Advisory 2488013 to address a public vulnerability that could affect customers using Internet Explorer 6, 7 and 8 if they visit a website hosting malicious code. Currently the impact of this vulnerability is limited and we are not aware of any affected customers or active attacks targeting customers.

Internet Explorer Protected Mode on Windows Vista and later versions of Windows helps to limit the impact of the currently known proof-of-concept exploits. Protected Mode is on by default in the Internet and Restricted sites zones in Internet Explorer 7 and 8 and prompts users before allowing software to install, run or modify sensitive system components.

The Security Advisory includes additional workarounds and mitigations that will help protect customers. Our Security and Research team has written a detailed blog post on the more technical aspects.

We initiated our Software Security Incident Response Process (SSIRP) to manage this issue and are sharing detailed information through the Microsoft Active Protections Program (MAPP). Our 70 global MAPP partners, including leading providers of anti-virus and anti-malware products, provide protections for an estimated one billion customers worldwide. With our partners, Microsoft is actively working to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability. If your protection provider is in our MAPP program, you can contact them concerning the status of providing protections for this issue as it is likely that updated malware signatures in these products will offer further protection.

We are working to develop a security update to address this attack against our customers. The issue does not currently meet the criteria for an out-of-band release. However, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.

As always, we encourage Internet users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at Home.

Thanks,

 

Carlene Chmaj

Microsoft Trustworthy Computing, Senior Response Communications Manager

Categories: Security Advisory Tags:

Happy Holidays from the SCM team!

December 22nd, 2010 No comments

I’ve been heads-down with the SCM Engineering Team the last couple of weeks planning the next release of Security Compliance Manager (SCM), version 2.0. I’m pretty excited about this release – it is going to take the application / solution…

Categories: SCM, Security Compliance Manager Tags:

UI Search in TMG

December 22nd, 2010 Comments off

Introduction

UI Search is a TMG feature designed to help administrators instantly filter Firewall Policy rules according to a search criteria string. This feature resembles the "Search Inbox" in Microsoft Outlook and is generally designed to deliver similar functionality.

 

[image]

Usage – visual filtering

UI search can be used to filter rules according to the attributes shown in the management console as column names. All these attributes are supported in localized versions of TMG in the very same form as they’re shown in the UI.

A simple example would be finding all deny rules (Search for “Action:Deny”). For an empty user policy combined with a default system policy, the resulting set of rules will look the following way:

[image]

Now, if we’d like to see only those rules that deny access to HTTP protocol, search for: “Action:deny protocol:http”. The query and result would look like this:

[image]

We get a single rule which is a subset of the previous query. Here we can see some potential ambiguity: when filtering on “HTTP” both “HTTP” and “HTTPS” will be found since the value is matched as a substring.

Another nice example would be searching for rules governing traffic from external network to local host (search for ‘from:external to:"local host"’):

[image]

Usage – search in depth

The same search can be used to find rules where any of their sub-properties fit the search criteria. A good example of that would be searching for rules according to a protocol description:

Consider the following protocol:

[image]

This protocol has a twin brother: “System Center Operation Manager Agent Installation”. If we search for ‘Description:"Microsoft System Center Operation Manager 2007 Agent"’ or just "Microsoft System Center Operation Manager 2007 Agent", we get the two rules referring to these protocols:

[image]

Another example is filtering rules that deal with download.windowsupdate.com URL. In the example below the URL is part of the “Microsoft Update Sites” Domain name set.

[image]

And another one:

[image]

Here we note that all rules except the last one were matched according to their description, while the last one is matched according to its users. We can differentiate the result by more precise queries (‘user:"network service"’):

[image]

and (‘description:"network service"’)

[image]

Queries syntax

Warning: The following sections contain technical mumbo jumbo. Use at your own risk!

Documentation of the syntax the query follows is available in http://technet.microsoft.com/en-us/library/dd897127.aspx

The search string uses the following grammar:

S -> CriterionList

CriterionList -> CriterionList Criterion | Criterion

Criterion -> Token CLN Token | Token

Token -> TokenType1 | DBQ TokenType2 DBQ | SLQ TokenType3 SLQ

Tokens:

CLN -> :

DBQ -> "  //double quote

SLQ -> '  //single quote

TokenType1 -> [^ \t\n:\"\']*  //sequence of characters NOT containing spaces, tabs, carriage returns, colons, double and single quotes

TokenType2 -> [^\"]*  //sequence of characters NOT containing double quotes

TokenType3 -> [^\']*  //sequence of characters NOT containing single quotes

Please note that double or single quotes must be used when the search string contains spaces, otherwise it will be processed as two separate search strings.
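A small parser and matcher for this grammar, as an added example that is not TMG's own code. The rule set is constructed, and the matching semantics (case-insensitive substring match, all criteria must match, a bare token searches every property) are assumptions inferred from the examples in this post.

```python
"""Parser and matcher for the UI Search query grammar described above."""

QUOTES = "\"'"
DELIMS = " \t\n:" + QUOTES


def _read_token(s, i):
    """Read one Token starting at s[i]; return (text, index after the token)."""
    if i < len(s) and s[i] in QUOTES:
        end = s.find(s[i], i + 1)          # closing quote must be the same kind
        if end == -1:
            raise ValueError("unterminated quote at offset %d" % i)
        return s[i + 1:end], end + 1
    j = i
    while j < len(s) and s[j] not in DELIMS:
        j += 1
    return s[i:j], j


def parse_query(s):
    """Return [(field, value), ...]; field is None for a bare criterion."""
    criteria, i = [], 0
    while i < len(s):
        if s[i] in " \t\n":
            i += 1
            continue
        first, i = _read_token(s, i)
        if not first:
            raise ValueError("empty token at offset %d" % i)
        if i < len(s) and s[i] == ":":     # Criterion -> Token CLN Token
            value, i = _read_token(s, i + 1)
            if not value:
                raise ValueError("missing value for %r" % first)
            criteria.append((first.lower(), value))
        else:                              # Criterion -> Token
            criteria.append((None, first))
    return criteria


def _values(v):
    return v if isinstance(v, (list, tuple)) else [v]


def rule_matches(rule, criteria):
    """Assumed semantics: every criterion must be a substring of some value."""
    for field, needle in criteria:
        fields = [field] if field is not None else list(rule)
        haystack = [x.lower() for f in fields for x in _values(rule.get(f, []))]
        if not any(needle.lower() in x for x in haystack):
            return False
    return True


def search(rules, query):
    criteria = parse_query(query)
    return [r["name"] for r in rules if rule_matches(r, criteria)]


# Constructed sample policy, not taken from a real TMG configuration.
RULES = [
    {"name": "Block web", "action": "Deny", "protocol": ["HTTP"],
     "from": ["Internal"], "to": ["External"]},
    {"name": "Block secure web", "action": "Deny", "protocol": ["HTTPS"],
     "from": ["Internal"], "to": ["External"]},
    {"name": "Remote management", "action": "Allow", "protocol": ["RDP"],
     "from": ["External"], "to": ["Local Host"]},
    {"name": "Agent traffic", "action": "Allow", "protocol": ["Agent"],
     "from": ["Local Host"], "to": ["Internal"], "user": ["Network Service"]},
    {"name": "Service logging", "action": "Allow", "protocol": ["Syslog"],
     "from": ["Local Host"], "to": ["Internal"],
     "description": "Lets the Network Service account send logs"},
]

if __name__ == "__main__":
    for q in ("action:deny protocol:http", 'from:external to:"local host"',
              '"network service"', 'user:"network service"'):
        print(q, "->", search(RULES, q))
```

When auditing a policy this way, remember that "protocol:http" also returns HTTPS rules, so a filtered view is not an exact-match list.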

Implementation details

There are situations in which a search executed from the UI will return more matches than the exact same search executed using the COM interface. This happens because the UI initializes the full COM sub-tree for rule objects, creating all underlying children (including those that are implicitly set to defaults and are created on demand), while direct search through the COM interface won’t see the default children and won’t perform lookup on them. However, this will never happen for matching objects that were created or modified by a user.

 

Written by: Dima Datsenko, Software Design Engineer, Forefront Threat Management Gateway

Reviewed by: Ori Yosefi, Senior Program Manager, Forefront Threat Management Gateway

Categories: Uncategorized Tags:

UAG 2010 SP1: Improving Testing in our Push for Quality

December 22nd, 2010 Comments off

Hi everyone. I’m David from the UAG test team. In this post I want to tell you a bit about the test work we did for UAG 2010 SP1.

During this release, our major goal was to bring the product to a new level of quality, and to do this we pretty much rebuilt our tests from scratch.

Here’s a short overview of our key investments:

 

Immediate results – running all the tests every night

One of the most important lessons from past releases is that if an automatic test doesn’t run every night – it breaks, and once tests start to break, heavy costs are involved to fix them.

Our goal was simple – if the nightly build ends at 11pm, all automatic tests must finish running on that build by 8am the next morning. That provides 9 hours to run all the automatic tests. Sounds simple, huh?

But the challenge is huge. In terms of UAG tests, 9 hours is a very short time. Just deploying the topology (which, besides the UAG machines, also contains clients, ADFS servers, SharePoint and Exchange servers, etc.) takes a minimum of 2 hours, not to mention the fact that UAG has lots of features to test, which means an insane amount of tests.

Parallelization is the key here. Although running all the automated tests takes well over 40 hours, running them in 6 labs in parallel gets us to our goal. The trick is to get automation to a state where it’s possible to easily run tests in parallel. Here are some of the steps we took to get there:

– Automate lab deployment

– Focus tests on key topologies

– Decoupling test suites (which partly use virtualization)

 

Robustness – Configuring the user interface (UI) without UI automation

A classic testability problem – you can only configure UAG using its UI. Pre-SP1 automation solved this problem using a traditional approach of UI automation. As you can guess, that approach isn’t very robust. To improve it we tried a new approach – creating testability hooks to access the UI code directly, thus bypassing the testability problem, without fragile UI dependencies. This method isn’t bullet proof, and does have downsides, but it allows the discovery of most test-breaking changes during compile time, and even provides some coverage of UI code paths.

We used code generation to simplify the process even further. To update the product configuration, a hook was written. The hook definitions (structure, parameters to pass) are kept in an XML file. From the XML files we generate code that the product code can include, as well as scripts that the test code can execute. All that is then required is to implement the actual hook logic in the product code, and you have your hook, with almost no test code to implement.

The process of adding a UI hook looks like this:

[image]

Agility – Utilizing the power of virtualization

Automatic tests running each night don’t help if the tests break too often. We want tests to find the problems before damage is done. Changing tests from being bug detectors to bug preventers is probably the holy grail of test teams everywhere, but it’s much easier said than done.

Why? One of the reasons is that running tests require labs, and lab resources are usually limited.

Even if you manage to simplify your automation so that anyone can run it, it isn’t effective if a 20-box ultra-complex topology is needed to run the tests. This is especially a problem in a product such as UAG, where the topologies we use to simulate real customer scenarios are complex.

Here virtualization came into play. We designed a single virtual 8-box topology (nicknamed “private lab”), that includes everything required to run most automatic tests.

The next step, believe it or not, was to provide every developer and tester with his or her own private lab. We’re talking about over 1,000 virtual machines, hosted on a few ultra-powerful hosts. This wasn’t easy to maintain, but it was well worth the price. Bugs were found before getting submitted, and developers were able to easily evaluate the effect of their code changes.

Here’s a representation of a private lab (Note that this is the DirectAccess flavor of the private lab. When testing Secure Web Publishing scenarios, we used different lab flavors).

[image: Private lab topology]

During virtualization we utilized the power of snapshots, which helped us in 2 ways:

1 – Speeding up new build deployment:

Instead of rebuilding the topology every night before running the tests, each topology came with a snapshot named “Baseline”. The baseline snapshot contained all the static elements of the lab (meaning all the stuff that doesn’t change between builds). To clean up the lab between builds, we simply reverted the lab back to its baseline snapshot.

2 – Solving the “dirty lab” problem:

A major challenge during testing is cleaning up machines between test suites. This is especially a problem when testing technologies like DirectAccess, which spread GPOs across most of the lab machines and are difficult to clean up. Our solution was to create a snapshot called “CleanConfiguration” during the automation cycle flow. This snapshot provided a common starting point for all test suites, making cleanup the simple step of reverting the lab back to the CleanConfiguration snapshot. By using this approach, parallelization became an easy task.

To better explain, here’s a short pseudo-code implementation of our automation cycle flow :

1. Revert the lab to the “Baseline” snapshot.

2. Prepare the lab to run tests (install the product, etc…).

3. Create “CleanConfiguration” snapshot (if one already exists, overwrite it).

4. For each test suite

a. Run the test suite.

b. Revert the lab to the “CleanConfiguration” snapshot.

Note that at the end of our cycle, the lab has the “CleanConfiguration” snapshot of the latest build it ran. This is not accidental – it’s used in case we need to rerun a test on an exact same lab (for example, to confirm the reproducibility of a certain bug). We are able to do this until the next cycle, without needing to redeploy the product.

 

Reusability – Separate tests from topology

Accessing topology data inside test code isn’t easy. On the one hand, you want to decouple tests from the topology as much as possible. On the other, you want a simple, logical, maintainable object model that allows you to write simple clean code. For example:

 

            foreach (Machine machine in lab.Topology.Machines)
            {
                Console.WriteLine("I'm machine {0}, from domain {1}",
                                  machine.FQDN,
                                  machine.Domain);
            }

 

To do this we created a special topology API, which includes both the code that creates the topology, and the tests can access.

By separating the tests from the topology data, we were able to do cool stuff like run all our automatic tests using different topologies (that better simulate real customer scenarios), without writing a single extra line of code.

We used the .Net WCF ServiceModel Metadata Utility tool (svcutil.exe) to auto-generate the object model from a schema XSD file, and kept the XSD (which is somewhat easier to maintain than the actual code). We were able to easily serialize and deserialize all the topology data from an easy and intuitive XML format (that already has a schema) for no cost. Naturally, the generated code you get from SVCUtil isn’t enough, since the topology objects sometimes require some more complex actions. To support them, we added extension classes to the generated code.

In the end, it looked something like the following example –

· We have our schema XSD file, which contained topology objects, such as this:

 

  <xs:complexType name="Credentials">
    <xs:complexContent>
      <xs:extension base="om:ReferenceObject">
        <xs:sequence>
          <xs:element type="xs:string" name="Username" minOccurs="0" maxOccurs="1"/>
          <xs:element type="xs:string" name="Password" minOccurs="0" maxOccurs="1"/>
          <xs:element type="xs:string" name="Domain" minOccurs="0" maxOccurs="1" />
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

· After running SVCUtil, we get this auto-generated code that matches the Credentials object:

    [System.Diagnostics.DebuggerStepThroughAttribute()]
    [System.CodeDom.Compiler.GeneratedCodeAttribute("System.Runtime.Serialization", "3.0.0.0")]
    [System.Runtime.Serialization.DataContractAttribute(Name="Credentials", Namespace="http://AAG.Test.Infrastructure.Configuration.ObjectModel/", IsReference=true)]
    public partial class Credentials : aag.test.infrastructure.configuration.objectmodel.ReferenceObject
    {
        // Backing fields, one per element of the XSD sequence.
        private string UsernameField;
        private string PasswordField;
        private string DomainField;

        [System.Runtime.Serialization.DataMemberAttribute(EmitDefaultValue=false)]
        public string Username
        {
            get {return this.UsernameField;}
            set {this.UsernameField = value;}
        }

        [System.Runtime.Serialization.DataMemberAttribute(EmitDefaultValue=false, Order=1)]
        public string Password
        {
            get {return this.PasswordField;}
            set {this.PasswordField = value;}
        }

        // The excerpt ends here; the Domain property is not shown.
    }

· And that object can be easily serialized and de-serialized from an XML file looking like this –

          <Admin z:Id="DomainAdmin">
            <ID>DomainAdmin</ID>
            <Username>admin</Username>
            <Password>admin</Password>
            <Domain>contoso.com</Domain>
          </Admin>

 

If you have any questions, or would like to see more such posts in the future, comment this post and let us know.

Thanks!

David

David Bahat
Anywhere Access Group (AAG)

Categories: Uncategorized Tags:

Q&A from the December 2010 Security Bulletin Webcast

December 18th, 2010 Comments off

Hello,

Today we published the December 2010 Security Bulletin Webcast Questions & Answers page. We fielded 17 questions, most concerning the Internet Explorer update and the re-releases of bulletins this month. We invite our customers to join us for the next public webcast on Wednesday, January 12 at 11am PST (-8 UTC), when we will go into detail about the December bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, January 12, 2011
Time: 11:00 a.m. PST (UTC -8)

Register:
Attendee Registration

Thanks –

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Forefront Protection Server Management Console 2010 has been released!

December 17th, 2010 No comments

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Protection Server Management Console 2010 (FPSMC).

On December 17th, 2010 Microsoft shipped the Forefront Protection Server Management Console (FPSMC) to provide centralized management for the Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint servers in your environment. FPSMC provides multi-server management through a browser-based interface, and supports the following features:

· Signature redistribution
· Policy (configuration) deployment
· Centralized incident, spam, and engine version reporting
· Centralized quarantine management
· Auto discovery of new servers
· Integration with Forefront Online Protection for Exchange

For a complete list of features included in this free release, along with directions for download and installation, please go to: http://www.microsoft.com/downloads/details.aspx?FamilyID=31f66155-50f0-4665-adc0-de94da027ed7

Andrew Schiano

Software Development Engineer in Test

Announcing the Release of Forefront Endpoint Protection 2010

December 16th, 2010 Comments off

Hello!

We’re proud today to reach this significant milestone for both Microsoft and you, our customers, in the mission we undertook of converging client management and security, providing effective endpoint protection across all market segments, consumer through enterprise. Shipping the FEP 2010 and MSE 2010 products completes a fast development cycle, with tremendous focus on customers, agile engineering, and robust quality!

Today we give you both Forefront Endpoint Protection 2010, a fully integrated antimalware and security management platform that leverages the robust functionality of System Center Configuration Manager 2007, and the latest version of Microsoft Security Essentials, a fully featured antimalware and security protection client for the consumer audience.

Based on customer feedback, we are also releasing FEP 2010 Security Management Pack (FEP SMP). FEP SMP includes real-time server monitoring (through System Center Operations Manager) and optimized server security settings, with the top 16 Microsoft server workloads and roles supported out-of-the-box!

We’ve got resources available for you today:

Thanks!

The Forefront Endpoint Protection Team

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 FOR FOREFRONT SECURITY FOR OFFICE COMMUNICATIONS SERVER

December 15th, 2010 No comments

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Security for Office Communications Server.

On December 15th, Microsoft shipped Hotfix Rollup 2 for Forefront Security for Office Communications Server (FSOCS) to provide a series of product enhancements and new features.

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: http://support.microsoft.com/kb/2482040

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this Hotfix Rollup.

Regards,

Robert McCarthy

CSS Microsoft Security
