What is Forefront: Microsoft Security Solutions

Forefront is a family (suite) of products that are all focused on security.  Together they offer a very comprehensive security solution protecting applications, systems, networks and other assets.  Individually they all have there own function and there is some overlap between some of the products that make up the family.  Because of the overlap, understanding what you need to solve a particular business need is sometimes not clear.  Over the course of the year, I will do my best to help you understand the Microsoft security story and in particular what products you might need to solve business problems.  If you are interested in security in any way, you should at least understand that the Microsoft offering exists and what it can provide you.  In this post, I will give you a brief introduction to the products and in subsequent posts, I will drill down into the products to show you how to solve different security challenges.  These challenges include viruses, malware, remote connectivity, protecting against hackers and even protecting your network from your own users.

Forefront Endpoint Protection

Let’s start the conversation with Forefront Endpoint Protection 2010 which is the NEXT desktop security solution from Microsoft.  It offers complete protection against viruses, trojans, and other types of malware. Instead of talking in terms of different types of malware (viruses, trojans, keyloggers, etc.) Microsoft refers to all of these as simply malware.  Malware is short for Malicious Software so all of these threats certainly qualify. The next release of Forefront Endpoint Protection {2010} is now in beta.  If you want to kick the tires, download Forefront Endpoint Protection 2010 beta.  As is the case with other malware protection packages you have the capability to run or schedule scans, update definitions view quarantine, etc.  Updates are usually configured to be delivered automatically.  


There are many advantages to using Microsoft’s technology over other security clients.  Among them is the manageability of the product through group policy, the familiar management interface and integration with the System Center family of products.  What is likely even more interesting to many of my readers and subscribers is the cost.  Especially, for those that already have eCAL licenses deployed.  The Forefront Endpoint Protection client license is included with eCAL so the only cost (if you own eCAL) will be the time it take to implement the solution.  You might also want to investigate Intune as an online offering that includes endpoint protection. 

System Requirements:

The server components of Forefront Endpoint Protection are installed on System Center Configuration Manager to leverage software distribution, management, etc.  You can install the server components on Windows Server 2003 SP2 or later.  The client will run on Windows XP SP3 or later (including Vista or Windows 7) or Windows Server 2003 SP2 and later (x64 and x86)

Learning more about The Forefront family of products

This would be a very, very long post if I supplied detail for all of the forefront applications.  Instead of doing that, I will give you a quick blurb on each of the products and provide links so you can get additional information. I hope to put video’s out for all or most of the Forefront family of products.  For now, you can get hands on labs, download the evals/beta’s or look on the product home page’s.

Virtual Labs
Protection & Access




Download Trial

Forefront Server Security Management Console helps businesses protect their Microsoft Exchange Server 2007, Microsoft Office SharePoint Server 2007, and Microsoft Windows SharePoint Services 3.0 environments against viruses, worms, spam, and inappropriate content. System Requirements


Download Trial

Microsoft Forefront Identity Manager 2010 offers a comprehensive solution for managing identities, credentials, and identity-based access policies across heterogeneous environments. System Requirements

Protection & Access



Forefront Client Security provides unified virus and spyware protection for business desktops, laptops, and server operating systems. System Requirements

Download Trial



Download Beta

Forefront Endpoint Protection 2010, the next version of Forefront Client Security, will enable businesses to simplify and improve endpoint protection while greatly reducing infrastructure costs. System Requirements


Download Trail

Forefront Protection 2010 for Exchange Server incorporates multiple scanning engines from industry-leading partners into a single solution to detect viruses and spyware faster and more effectively than single-engine solutions. System Requirements



Forefront Online Protection for Exchange consists of layered technologies to actively help protect businesses’ inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.


1. Validate you have authoritative control over a domain and can change the domain’s MX record

2. Supply IP address or hostname of e-mail server that will receive filtered e-mail

3. Supply technical contact information

Review the trial activation process (PDF) to ensure you have the proper information prior to submitting the service request


Download Trail

Forefront Protection for SharePoint helps protect SharePoint libraries while combining multiple anti-malware scanning engines from industry-leading security partners with file and keyword filtering to provide comprehensive protection against the latest threats. System Requirements


Download Trial

Microsoft Forefront Security for Office Communications Server (OCS) provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners. It can also help reduce corporate liability by blocking IM messages that contain inappropriate content. System Requirements


Download Trial

Forefront Threat Management Gateway is a secure Web gateway that protects users from malware and other Web-based threats. System Requirements


Download Trial

Forefront Unified Access Gateway delivers comprehensive, secure remote access to corporate resources for employees, partners, and vendors on both managed and unmanaged PCs and mobile devices. System Requirements

Platform Security Components 


Active Directory Rights Management Services

Microsoft Active Directory Rights Management Services (AD RMS) in Windows Server 2008 helps safeguard digital information from unauthorized use—both online and offline, inside and outside of the firewall. System Requirements


Windows Identity Foundation

Windows Identity Foundation helps .NET developers build claims-aware applications that externalize user authentication from the application, improving developer productivity, enhancing application security, and enabling interoperability.


Active Directory Federation Services 2.0

Microsoft Active Directory Federation Services 2.0 helps IT professionals efficiently deploy and manage new applications by reducing custom implementation work, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools.