Particle.news

Microsoft to Disable Network NTLM by Default in Upcoming Windows Releases

Microsoft is planning a phased shift to Kerberos, guided by enhanced NTLM auditing that is available now.

Overview

  • Network NTLM will be off by default in the next major Windows Server release and associated Windows clients, with policy controls to re-enable it if required.
  • Enhanced NTLM auditing is available today on Windows Server 2025 and Windows 11 version 24H2 and later to identify where the legacy protocol is still used.
  • Microsoft targets the second half of 2026 for IAKerb and a Local Key Distribution Center to enable Kerberos in scenarios that previously forced NTLM fallback.
  • Core Windows components will prioritize Kerberos negotiation, and new policies will address cases such as unknown SPNs, IP-based authentication requests, and local accounts on domain-joined devices.
  • Administrators are urged to map NTLM dependencies, migrate critical workloads to Kerberos, test NTLM-off configurations, and track guidance, as timelines and feature availability may change.