There I was, blathering away about Kerberos and SetSPN and sleeping - sleeping! - while the long-awaited-but-unannounced TMG SP2 was released. And announced, I guess.
The documentation's still being updated (the release notes haven't made it up yet), but you can try it out from here:
Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
New Reports
• The new Site Activity report displays a report showing the data transfer between users and specific websites for any user.

Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.

Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).
Bitterly disappointing update to TMG and a wasted chance with no AD FS proxy or O365 integration.
I don't remember either being discussed, mooted or suggested. I agree, they'd both be nice to have, but they're both achievable anyway, aren't they? (not ADFS integration as an identity provider, but publishing at least).
Can't wait for the release notes!*
* (too soon?)