Techniques for Blocking Anonymous Public Proxies using Forefront TMG 2010

I’ve spent the better party of the last 16 years implementing and managing edge security and remote access solutions for some of the largest organizations in the world. With a lot of experience enforcing Internet access policies, I can tell you from experience that users will try anything to circumvent those restrictions. One of the most common methods of avoiding in place access controls is public anonymous proxy servers. In this month’s article I’ll demonstrate a few techniques for preventing public anonymous proxy server access using Forefront TMG 2010.

Microsoft Forefront TMG 2010

SQL Database Options in Microsoft Azure

One of my favorite things about the Microsoft Azure public cloud is the SQL database options that are available. Whenever I’m building a test lab that requires an SQL database, in the past it would take quite a long time to get a VM provisioned and SQL installed and configured. Also, with limited local resources, my test lab SQL servers were often significantly underpowered. With Azure-hosted SQL databases, that’s no longer a problem. I can provision a Windows Server 2012 R2 VM with whatever version of SQL I require in just a few minutes. In addition, I’m no longer constrained by local resources. Now I routinely provision very powerful VMs, typically with at least 8 cores and 14GB of RAM, which makes testing much easier. Microsoft Azure also features SQL database as a service options too, which doesn’t require provisioning a VM. This works quite well in many cases. For more information about SQL database options in Microsoft Azure, be sure to read my latest article on

Configure a Windows Server 2012 R2 Lab in Microsoft Azure

Configure a Windows Server 2012 R2 Test Lab in Microsoft Azure

I’ve really enjoyed working with Microsoft Azure over the last few years. The service continues to add new features at a rapid pace, and I’m finding myself using Azure virtual machines much more frequently that in the past. Recently I decided to configure a full, standalone Windows Server 2012 R2 lab hosted entirely in Azure. The first challenge I faced was configuring the domain controller. As it turns out, there are a few things you have to do to make it work. Read my latest article in to find out the details.

Configure a Windows Server 2012 R2 Lab in Microsoft Azure

Integrating Microsoft Exchange 2010 Edge Transport with Forefront TMG 2010

If you are still hosting your own Microsoft Exchange 2010 server on-premises, you may be considering the integration of the Exchange Edge Transport role with Forefront TMG 2010. There are a variety of reasons for doing this, but it is not without some drawbacks. If you’d like to learn more about this deployment scenario and how to configure both Exchange and TMG to accomplish this, read my latest post on here.

Microsoft Forefront TMG 2010

Deploying a WordPress Blog on Microsoft Azure

WordPress is an excellent blogging platform, and one that I’ve used for many years. My first two blogs, and, were both created using the hosted WordPress platform at Recently I decided to move my personal web site (the site you are viewing now!) over to Microsoft Azure. Instead of migrating my old Classic ASP web site I created a long time ago, I decided that I’d leverage Azure’s support for WordPress. I have to say I’ve really enjoyed the process! There were a few catches, but for the most part it has been a great experience. In my latest article at you can learn for yourself how to create and deploy a WordPress blog on the powerful Microsoft Azure platform. Enjoy!

Deploy WordPress on Microsoft Azure

Monitoring Strategies for Forefront TMG 2010

So, you’ve just finished installing, configuring, and deploying Forefront TMG 2010 in production. You’re done, right? Not quite! After implementing TMG it is vital that you establish performance baselines and prepare a monitoring strategy to ensure the smooth operation and continued availability for the solution. In my latest article on I discuss some effective monitoring strategies for Forefront TMG 2010 that I’ve gained from implementing and supporting TMG deployments for some of the largest companies in the world. Read it today!

Microsoft Forefront TMG 2010 Newsletter – May 2014

In this month’s monthly newsletter I discuss two important security reports that were recently released – the Verizon 2014 Data Breach Investigations Report (DBIR) and the Microsoft Security Intelligence Report (SIR) Volume 16. Each of these reports include important information about current attack methods and exploit trends. The DBIR focuses on successful data breaches, while the SIR provides detailed information about software vulnerabilities and exploits, which themselves are often used in successful data breaches. Be sure to read this month’s newsletter for all of the details.

Upcoming DirectAccess Sessions

Microsoft TechEd North America 2014 is officially in the books. Although I was not in attendance this year, I understand that there was very little talk about DirectAccess during the weeklong event in Houston. I’ve had a number of people reach out to me about this, and for those interested I will be delivering at least two talks about Windows-based remote access in general, and DirectAccess specifically this year. I’ll be presenting a high-level session on remote access that includes DirectAccess at TechDays San Francisco, CA on June 5-6. This will be a 75 minute overview session for all things remote access in Windows Server 2012 R2, including DirectAccess, client-based and site-to-site VPN, and Web Application Proxy. If you’re interested in a more detailed training session on DirectAccess, I’ll be delivering a 3-hour technical deep-dive at TechMentor in Bellevue, WA on August 15. Hope to see you soon!