Another useful article on the arguments around Exchange and Pre-Authentictaion
TMG was needed back in the days when Exchange ran on Windows 2000, according to Taylor. However, Microsoft’s Trustworthy Computing security efforts, along with its Secure Windows Initiative and the imposition of its security development lifecycle coding approach have made such preauthentication security approaches optional, at best, to protect Exchange, he explained.
Not only is TMG unnecessary, but it’s just a firewall, and so are the various load balancers used with Exchange, Taylor suggested. They just add complexity to network security. However, Taylor didn’t altogether dismiss using load balancers with Exchange. He just suggested that using preauthentication with them adds little in the way of security.
