It was generally known on the Internet that something was up; Forefront Threat Management Gateway (TMG) was considered by many (on forums and blogs) as walking dead. People knew it was just a matter of time before an announcement would come. And so it did yesterday, but I did not expect the actual breadth of the announcement. The following products will no longer be available after December 1st, 2012:
User Access Gateway continues; it’s been used by people who have deployed W2008 R2 Direct Access so that they don’t have to deploy IPv6 on the LAN. It’s only a matter of time, because that functionality has been put in WS2012 Direct Access, meaning that UAG won’t be required for current version DA deployments.
Forefront Identity Manager apparently has a roadmap and will “continue to be actively developed”.
The product formerly known as Forefront Endpoint Protection (the client and server file system/memory AV scanner) was moved to System Center with the release of SysCtr 2012 because of the reliance on Configuration Manager as the management console (it can also use Intune). The definition updates are common across versions, so updates will continue.
What about anti-malware protection for Exchange? Here’s what Microsoft had to say:
As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
Forefront Online Protection is the cloud-based product; think Postini or MessageLabs, but run by Microsoft for Exchange. Anyone planning on running Exchange 2010 or older will not have an on-premises defence for Exchange after December 1st (see FPE in the above table). If you want on-site Exchange protection, you’ll have to look at third-party Exchange security solutions; otherwise, upgrade to Exchange 2013 for “basic antimalware protection”. I’ve been recommending online and onsite protection – onsite protection defends against “internal” threats such as roaming or remote workers.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.