Back

Disable Extended Protection in ADFS 2.0 for NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security ...

1 min read
Published on Jul 1, 2012
disable-extended-protection-in-adfs-2-0-for-office-365-to-allow-ie-google-chrome-and-firefox-to-authenticate-using-ntlm

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security implications of disabling Extended Protection, you can read the Microsoft security advisory here.

In the past, this was a manual process on each server in the farm (for example, this process). ADFS 2.0 requires you to disable IIS Windows extended protection on the ADFS virtual directory “LS”.

This can now be set via PowerShell at the farm level easily using PowerShell.

  1. Open PoweShell Command Window
  2. Load ADFS Poweshell SnapIn Add-PsSnapIn Microsoft.Adfs.Powershell
  3. Set ADFS to diable EAP at the farm level Set-ADFSProperties -ExtendedProtectionTokenCheck
  4. Restart ADFS and IIS
    • IISReset
    • Net Stop ADFS
    • Net Start ADFS

Hope this helps!

PS – Uploaded to the wiki here.

Looking for further help? Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

NIST 800 171 vs NIST 800 53

NSA Cybersecurity Collaboration: No-Cost Services Available to DoD Contractors

Learn how NSA cybersecurity collaboration provides no-cost services to DoD contractors, helping enhance security and compliance with advanced cyber protections.

Jan 10, 2025
6 min read
When is a New CMMC Assessment Needed

Understanding When and Why You Need a New CMMC Assessment

Learn when to schedule a new CMMC assessment, what triggers reassessments, and how changes in scope, contracts, or compliance impact your certification process.

Jan 6, 2025
9 min read
How Does VDI Solve the CUI and CMMC Conundrum?

How Does VDI Solve the CUI and CMMC Conundrum?

Explore how VDI for CUI helps businesses meet compliance requirements, ensuring secure data access while simplifying CMMC certification.

Dec 30, 2024
9 min read
Disaster Recovery Plan Enough

Is your disaster recovery plan enough?

Strengthen your Office 365 disaster recovery plan with granular backup, retention policies, and solutions to prevent data loss.

Dec 18, 2024
7 min read
Outlook Organization Tips

Outlook Organization Tips to Take Back Your Outlook Mailbox

Struggling with a cluttered Outlook mailbox? Discover quick and efficient organization tips to streamline your email management.

Dec 17, 2024
6 min read
Managing your Organization's Data-Backup on the Cloud

Managing your Organization's Data-Backup on the Cloud

Learn how to efficiently manage your organization's data backup on the cloud. Discover strategies for optimizing backup processes, reducing storage costs, and ensuring data availability and disaster recovery.

Dec 10, 2024
4 min read

Ready to Defend and Secure Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Defend. Secure. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Defend. Secure. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation