Forefront Unified Access Gateway (UAG) provides a certified endpoint feature for clients that connect over HTTPS to a Forefront UAG site or portal. Certified endpoints are defined as privileged, and you can specify a more permissive access policy for them. This feature has the following infrastructure requirements:

  1. Deploy a certification authority (CA) to issue client certificates to endpoints.

  2. You can set up the CA remotely or locally on the Forefront UAG server. For information about setting up a CA, see Implementing certified endpoints.