Sunday, February 8, 2015

Is an ADFS "proxy" required in a production, Internet-facing ADFS deployment?



Is it acceptable to simply deploy ADFS, and expose 80/443 to the Internet, as opposed to deploying redundant Front End and Back End servers?


I understand that I'm missing out on Token Replay Attack prevention, but I also notice that different endpoints are available on the internal vs external proxy... namely Kerberos and "trusttcp" are disabled externally. Should I disable these when exposing the internal ADFS server to the Internet?




