Back

Disable Extended Protection in ADFS 2.0 for NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security ...

1 min read
Published on Jul 1, 2012
Disable Extended Protection in ADFS 2.0 for NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security implications of disabling Extended Protection, you can read the Microsoft security advisory here.

In the past, this was a manual process on each server in the farm (for example, this process). ADFS 2.0 requires you to disable IIS Windows extended protection on the ADFS virtual directory “LS”.

This can now be set via PowerShell at the farm level easily using PowerShell.

  1. Open PoweShell Command Window
  2. Load ADFS Poweshell SnapIn Add-PsSnapIn Microsoft.Adfs.Powershell
  3. Set ADFS to diable EAP at the farm level Set-ADFSProperties -ExtendedProtectionTokenCheck:None
  4. Restart ADFS and IIS
    • IISReset
    • Net Stop ADFS
    • Net Start ADFS

Hope this helps!

PS – Uploaded to the wiki here.

Looking for further help? Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Why Hire an MSP for CMMC Certification Support

Why Hire an MSP for CMMC Certification Support?

Learn why partnering with an MSP for CMMC certification support can streamline your path to compliance, reduce costs, and improve cybersecurity posture.

Dec 17, 2025
7 min read
SharePoint GCC High Migration: Step-by-Step Guide

How to Migrate SharePoint Data to GCC High

Learn how to migrate SharePoint data to GCC High to meet CMMC, NIST, and ITAR compliance requirements with this practical guide.

Dec 15, 2025
7 min read
FedRAMP & Microsoft Cloud Tenant Migrations

Understanding FedRAMP Implications for Microsoft Cloud Tenant Migrations

Learn how FedRAMP requirements impact Microsoft cloud tenant migrations and what regulated organizations must do to stay compliant.

Nov 25, 2025
6 min read
Cloud Backup Strategies for Ransomware Protection

Protecting Against Ransomware with Cloud Backup Strategies

Explore effective cloud backup strategies to defend against ransomware attacks. Learn best practices for recovery, redundancy, and data resilience.

Nov 20, 2025
6 min read
Implement Azure Backup Encryption for Data Security

Implementing Encryption for Azure Backup Data

Learn how to implement encryption in Azure Backup to protect your cloud data. Discover key methods, tools, and best practices to ensure data confidentiality and compliance.

Nov 19, 2025
6 min read
Best Practices for Migrating Email to GCC High

Best Practices for Migrating Email to GCC High

Discover the best practices for migrating email to GCC High. Ensure security, compliance, and business continuity throughout your transition.

Nov 18, 2025
9 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122