Back

Disable Extended Protection in ADFS 2.0 for NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security ...

1 min read
Published on Jul 1, 2012
Disable Extended Protection in ADFS 2.0 for NTLM

You must disable Extended Protection in ADFS 2.0 (Office 365 SSO) to allow IE, Google Chrome and Firefox to Authenticate Using NTLM when using reverse proxies such as TMG and UAG…or external employee access. To learn about the security implications of disabling Extended Protection, you can read the Microsoft security advisory here.

In the past, this was a manual process on each server in the farm (for example, this process). ADFS 2.0 requires you to disable IIS Windows extended protection on the ADFS virtual directory “LS”.

This can now be set via PowerShell at the farm level easily using PowerShell.

  1. Open PoweShell Command Window
  2. Load ADFS Poweshell SnapIn Add-PsSnapIn Microsoft.Adfs.Powershell
  3. Set ADFS to diable EAP at the farm level Set-ADFSProperties -ExtendedProtectionTokenCheck
  4. Restart ADFS and IIS
    • IISReset
    • Net Stop ADFS
    • Net Start ADFS

Hope this helps!

PS – Uploaded to the wiki here.

Looking for further help? Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Critical Data Backup in Azure | Identify & Protect What Matters

Identifying Critical Data and Applications for Backup in Azure

Learn how to identify and prioritize your critical data and applications for backup in Azure to reduce risk, ensure business continuity, and meet compliance requirements.

Oct 3, 2025
5 min read
Microsoft 365 Backup Compliance | Key Risks & Best Practices

Compliance Considerations When Backing Up Microsoft 365 Data

Ensure your Microsoft 365 backups meet compliance requirements for CMMC, NIST 800-171, and other regulations. Learn key considerations to avoid violations.

Oct 3, 2025
6 min read
Azure Backup Needs Assessment | Plan Your Cloud Data Protection

Assessing Your Organization's Backup Needs for Azure Workloads

Learn how to assess your backup needs for Azure workloads, from compliance and recovery objectives to choosing the right tools for data protection and resilience.

Sep 26, 2025
6 min read
CUI Compliance and the Role of MSPs

Overview of CUI Compliance and the Role of MSPs

Explore the essentials of CUI compliance and how MSPs support DFARS, NIST 800-171, and ITAR requirements through secure IT services and expert guidance.

Sep 26, 2025
7 min read
Evaluating Data Retention Policies for Microsoft 365 and Azure

Evaluating Data Retention Policies for Microsoft 365 and Azure

Learn how to evaluate and manage data retention policies in Microsoft 365 and Azure to meet compliance, security, and operational needs.

Sep 26, 2025
6 min read
How MSPs Help Meet CUI Compliance Requirements

How MSPs Help Organizations Meet CUI Compliance Requirements

Learn how MSPs help organizations meet CUI compliance by offering expertise, secure environments, and ongoing support for DFARS and NIST 800-171 standards.

Sep 26, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122