If you have deployed Office 365 or are planning to and are looking to publish your ADFS to external users, for example, workers from a remote location like Starbucks or for mobile devices then you have a couple of choices.
You can choose to deploy an ADFS Proxy. This is pretty simple and is really just a role service of ADFS.
Instructions on how to set up ADFS can be found on Kelsey Epp's blog.
The one drawback of using ADFS Proxy is that you can't log on to Office 365 if the Active Directory (AD) account's password is expired or has been marked "User Must Change Password on Next Logon". If you have a lot of users who are using a web browser or mobile devices and they don't come into the office much, this could be a problem.
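Before picking ADFS Proxy it helps to know how many accounts would actually hit that drawback. The following PowerShell is an added example, not part of the original post: it uses the RSAT ActiveDirectory module to list enabled users whose password has already expired, plus those flagged "User must change password at next logon" (which AD stores as pwdLastSet = 0). The OU path is a placeholder you would replace with your own.

```powershell
# Added example (not from the original post). Lists the AD accounts that an
# ADFS Proxy logon would reject: expired passwords and "must change at next logon".
# Assumes the RSAT ActiveDirectory module is installed; $searchBase is a placeholder.
Import-Module ActiveDirectory

$searchBase = 'OU=Users,DC=example,DC=com'   # placeholder: replace with your own OU

# Enabled accounts whose password has already expired.
# Search-ADAccount honours fine-grained password policies, unlike a manual age calculation.
$expired = @(Search-ADAccount -PasswordExpired -UsersOnly -SearchBase $searchBase |
    Where-Object { $_.Enabled })

# Enabled accounts flagged "User must change password at next logon":
# AD records this by setting pwdLastSet to 0.
$mustChange = @(Get-ADUser -Filter 'pwdLastSet -eq 0' -SearchBase $searchBase -Properties pwdLastSet |
    Where-Object { $_.Enabled })

# Summary counts, useful when deciding between ADFS Proxy and TMG.
[PSCustomObject]@{
    PasswordExpired   = $expired.Count
    MustChangeAtLogon = $mustChange.Count
}

# Detail list so the affected remote users can be warned before they are locked out.
$expired    | Select-Object SamAccountName, @{n = 'Reason'; e = { 'PasswordExpired' }}
$mustChange | Select-Object SamAccountName, @{n = 'Reason'; e = { 'MustChangeAtNextLogon' }}
```

Run it as an account with read access to the OU; if the second list is large and those users rarely visit the office, that is the population the post is talking about.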
The alternative is to use Microsoft Forefront Threat Management Gateway 2010. The drawbacks here are that the product is slated for retirement and it has a cost. But with it you can have users directed to a page where they can reset the password if it is expired. The link to set up TMG for ADFS.
Following these instructions for TMG 2010, I did run into an issue where I was getting error 8004789A. The issue was I had to uncheck Link Translation. I found this on Risual Blogs.
I am hoping over the next little bit that we will see Microsoft give us something that will allow us to change passwords remotely like TMG but make it free like ADFS Proxy.