Duo Two-Factor Authentication for Microsoft TMG (Deprecated)

End of Support Information

Microsoft Threat Management Gateway (TMG) reached Microsoft's end of support in April 2020. See the list of Microsoft products ending support in 2020 for more information.

The last date of support for Duo two-factor authentication on TMG was February 21, 2022.

After that date, no new Microsoft TMG applications may be created in the Duo Admin Panel. In addition, Duo Support will no longer provide configuration or troubleshooting assistance for TMG.

If you created a Duo Microsoft TMG application before February 21, 2022:

• Your existing Duo Microsoft TMG configuration continues providing two-factor authentication for user logins.
• You may view and manage existing Microsoft TMG applications in the Duo Admin Panel.

Consider migrating to a supported solution for publishing web applications, like Duo Network Gateway.

Review the Duo End of Sale, Last Date of Support, and End of Life Policy.

The instructions for this solution were removed on March 31, 2025. Customers who had this configuration deployed before then and need to refer to the original instructions to execute the migration to a supported solution may contact Duo Support.

Troubleshooting

Need some help? Review troubleshooting tips for the Authentication Proxy and try the connectivity tool included with Duo Authentication Proxy 2.9.0 and later to discover and troubleshoot general connectivity issues.

Also take a look at our TMG Knowledge Base articles or Community discussions. For further assistance, contact Support.

Network Diagram

1. Primary authentication initiated to the TMG Server
2. TMG Server sends authentication request to Duo Security’s authentication proxy
3. Primary authentication using Active Directory or RADIUS
4. Duo authentication proxy connection established to Duo Security over TCP port 443
5. Secondary authentication via Duo Security’s service
6. Duo Authentication Proxy receives authentication response
7. TMG access granted