Disable Extended Protection in ADFS 2.0 (for Office 365) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to authenticate using NTLM when using reverse proxies such as TMG and UAG, or for external employee access. To read about the security implications of disabling Extended Protection, see the Microsoft security advisory here.

In the past, this was a manual process on each server in the farm (for example, this process). ADFS 2.0 requires you to disable IIS Windows extended protection on the ADFS virtual directory “LS”.

This can now be set easily at the farm level using PowerShell.

  1. Open a PowerShell command window
  2. Load the ADFS PowerShell snap-in
    Add-PsSnapIn Microsoft.Adfs.Powershell
  3. Set ADFS to disable Extended Protection at the farm level
    Set-ADFSProperties -ExtendedProtectionTokenCheck:None
  4. Restart ADFS and IIS
    • IISReset
    • Net Stop adfssrv
    • Net Start adfssrv
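
The steps above as one repeatable script that records the previous farm value, applies the change only when needed, and reads the setting back before restarting services. This is an added example, not part of the original post; the function name `Set-ExtendedProtectionMode` and the log path are hypothetical, `adfssrv` is the AD FS 2.0 Windows service name, and `Allow` and `Require` are the other values the parameter accepts.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on an AD FS 2.0 federation server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

function Set-ExtendedProtectionMode {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Require', 'Allow', 'None')]
        [string]$Mode,
        # Hypothetical log location; choose a path that suits your environment.
        [string]$LogPath = "$env:TEMP\adfs-extended-protection.log"
    )

    # Record the farm-level value before touching it so it can be restored.
    $before = (Get-ADFSProperties).ExtendedProtectionTokenCheck
    $stamp  = Get-Date -Format 's'
    Add-Content -Path $LogPath -Value "$stamp before=$before requested=$Mode by=$env:USERNAME"

    if ("$before" -eq $Mode) {
        Write-Output "ExtendedProtectionTokenCheck is already '$Mode'; nothing changed."
        return
    }

    Set-ADFSProperties -ExtendedProtectionTokenCheck $Mode

    # Read the value back rather than assuming the change was accepted.
    $after = (Get-ADFSProperties).ExtendedProtectionTokenCheck
    if ("$after" -ne $Mode) {
        throw "Expected '$Mode' but the farm reports '$after'."
    }
    Add-Content -Path $LogPath -Value "$stamp after=$after"

    # Restart IIS and the AD FS service, as in step 4.
    iisreset | Out-Null
    Restart-Service -Name adfssrv
    Write-Output "Changed ExtendedProtectionTokenCheck from '$before' to '$after'."
}

# Apply the setting from the post:
Set-ExtendedProtectionMode -Mode None
# To restore the value recorded in the log later, for example:
# Set-ExtendedProtectionMode -Mode Allow
```

The log line written before the change is what lets you restore the original value once the reverse proxy or client requirement goes away.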

Hope this helps!

PS – Uploaded to the wiki here.
