Even if Microsoft has announced to stop ForeFront TMG (Threat Management Gateway), this post is about to allow Office Mobile (from Windows Phone 7.x or Windows Phone 8) access to internal SharePoint sites published through ForeFront TMG.
NOTE the recommendation (and due to the announcement) it’s recommended to use ForeFront UAG (Unified Access Gateway) to publish SharePoint sites.
If you have published your internal SharePoint site with ForeFront TMG and try to access it using Office Mobile, you will get the following error message on your Windows Phone device:
“We don’t support this authentication scheme. Contact the person who manages this SharePoint site. You can try opening the content in your web browser instead”
Your ForeFront TMG publication rules for SharePoint must use an HTTPS listener with NTLM authentication.
If you take a look at the ForeFront TMG logs you will see the following error message
“The server requires authorization to fulfill the request. Access to the web server is denied”
To workaround this issue with ForeFront TMG, just create a “bypass” rules to allow direct authentication for /_vti_bin/webs.asmx and /_vti_bin/lists.asmx paths; don’t forget to manage site collections below the default managed paths /sites/ and /personal/.