Windows Intune: required Firewall & Proxy Configuration

 


Implementing Windows Intune is, for most of us, straightforward because it uses common standards such as HTTP and HTTPS. Nevertheless, in organizations where internet access is controlled by firewalls and proxy servers, it can be a challenge.

In such environments, specific services or websites have to be explicitly allowed in order to work properly, and the same applies to Windows Intune. For those who have to implement Windows Intune where internet access is limited, the overview below outlines the required domains and ports to make Windows Intune work like a charm.

Required domains for documentation, online Help, and support

Domain Ports
*.livemeeting.com 80 and 443
*.microsoftonline.com 80 and 443
onlinehelp.microsoft.com 80
*.social.technet.microsoft.com 80
blogs.technet.com 80
go.microsoft.com 80
http://www.microsoft.com 80
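
The table above expressed as a proxy allowlist check; this is an added example, not part of the original post. It assumes a wildcard entry covers subdomains only (not the bare domain) and matches on label boundaries; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Allowlist transcribed from the table above: (domain pattern, permitted ports).
# The last entry appears on the page as a URL; only its host name is used here.
ALLOWLIST = [
    ("*.livemeeting.com", {80, 443}),
    ("*.microsoftonline.com", {80, 443}),
    ("onlinehelp.microsoft.com", {80}),
    ("*.social.technet.microsoft.com", {80}),
    ("blogs.technet.com", {80}),
    ("go.microsoft.com", {80}),
    ("www.microsoft.com", {80}),
]
DEFAULT_PORTS = {"http": 80, "https": 443}

def host_matches(pattern, host):
    """Match a host against an exact name or a '*.suffix' wildcard."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot to force a label boundary
        # Assumption: the wildcard does not cover the bare domain itself.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_allowed(url):
    """True if the URL's host and port are covered by an allowlist entry."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or parts.hostname is None:
        return False
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # malformed or out-of-range port
        return False
    return any(host_matches(p, parts.hostname) and port in ports
               for p, ports in ALLOWLIST)

def audit(urls):
    """Return the URLs the allowlist would block."""
    return [u for u in urls if not is_allowed(u)]

# Constructed sample requests, e.g. taken from a proxy log during testing.
SAMPLE_URLS = [
    "https://www.livemeeting.com/join",
    "http://go.microsoft.com/fwlink/",
    "https://go.microsoft.com/fwlink/",        # 443 is not listed for this host
    "http://evil-livemeeting.com/",            # suffix match without label boundary
    "http://livemeeting.com/",                 # bare domain, not a subdomain
    "http://www.microsoft.com.example.net/",   # allowed name used as a prefix
    "http://login.microsoftonline.com:8080/",  # port not listed
]
```

Running `audit(SAMPLE_URLS)` against real proxy logs shows which requests would fail once the rules are in place, and which look-alike hosts a loose suffix match would have let through.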

 


Windows Azure Virtual Network Site-to-Site IPsec VPN with Forefront TMG 2010

Microsoft announced Windows Azure Virtual Network and Windows Azure Virtual Machines in June 2012 to provide IaaS ‘Hybrid Cloud’ functionality.

What this allows is persistent Virtual Machines (which retain the same private addresses) running in Azure that can be joined to your on-premise Active Directory using a site-to-site IPsec VPN. The Azure VMs then act like a branch network with full connectivity and you can add Domain Controllers in the Azure Virtual Network.

There are some great blog posts available that guide you through enabling cross-premises connectivity between your on-premises environment and Windows Azure.

Enable Cross-Premises Connectivity to Windows Azure with Forefront Threat Management Gateway (TMG) 2010 source: ISAServer.org / Richard Hicks

Windows Azure Virtual Network VPN with TMG 2010 source: kloud.com.au


Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Microsoft released Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2. The issues that are fixed in this rollup package are listed in the following articles. To view these issues, click the article number to view the article in the Microsoft Knowledge Base.

Article  Title
2700248  FIX: A server that is running Forefront Threat Management Gateway 2010 may stop accepting all new connections and may become unresponsive
2761736  FIX: All servers in a load-balanced web farm may become unavailable in Forefront Threat Management Gateway 2010
2761895  FIX: The Firewall service (WSPSRV.EXE) may crash when the firewall policy rules are reevaluated in Forefront Threat Management Gateway 2010
2780562  FIX: PPTP connections through Forefront Threat Management Gateway (TMG) 2010 may be unsuccessful when internal clients try to access a VPN server on the external network
2780594  FIX: A non-web-proxy client in a Forefront Threat Management Gateway (TMG) 2010 environment cannot open certain load-balanced websites when TMG HTTPS inspection is enabled
2783332  FIX: You cannot log on when FQDN is used and Authentication delegation is set to "Kerberos constrained delegation" in a Forefront Threat Management Gateway 2010 environment
2783339  FIX: A closed connection to a domain controller is never reestablished when Authentication delegation is set to "Kerberos constrained delegation" in a Forefront Threat Management Gateway 2010 environment
2783345  FIX: Unexpected authentication prompts while you use an OWA website that is published by using Forefront Threat Management Gateway (TMG) 2010 when RSA authentication and FBA are used
2785800  FIX: A "DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)" Stop Error may occur on a server that is running Forefront Threat Management Gateway (TMG) 2010
2790765  FIX: A "Host Not Found (11001)" error message occurs when an SSL site is accessed by using a downstream Forefront Threat Management Gateway 2010 server that has HTTPS Inspection enabled

 

You can download Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 here.

Vulnerabilities in Microsoft Forefront Unified Access Gateway #UAG Could Cause Remote Code Execution (2544641)

Today Microsoft released an important security update which applies to all versions of Microsoft Forefront Unified Access Gateway (UAG).

Executive Summary

This security update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

This security update is rated Important for all supported versions of Microsoft Forefront Unified Access Gateway 2010. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that UAG handles specially crafted requests, modifying the MicrosoftClient.JAR file, and adding exception handling around the null value of the UAG Web server. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 released

Microsoft® Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2) introduces new functionality to Forefront TMG 2010 Standard and Enterprise Editions.

The service pack includes the following new functionality and feature improvements:

New Reports
• The new Site Activity report displays a report showing the data transfer between users and specific websites for any user.

Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.

Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).

To read the release notes, see the Forefront TMG Release Notes (SP2). Before installing this service pack, it is highly recommended that you read the TechNet article Installing Forefront TMG Service Packs. Installing the service pack on Forefront TMG computers in an order other than as described in this article is unsupported.

Microsoft Forefront UAG SP2 can be downloaded here