Microsoft Teams Blog articles

Advancing Windows security: Disabling NTLM by default

Windows is transitioning away from the outdated NTLM authentication protocol to enhance security. NTLM, a legacy protocol, is vulnerable to attacks and lacks modern cryptographic strength. Microsoft is taking a phased approach to disabling NTLM by default and promoting stronger Kerberos-based authentication.

Phase 1 focuses on enhanced auditing tools, available now, to identify NTLM usage. Phase 2, slated for late 2026, will address common NTLM pain points with features such as improved Kerberos in various scenarios. Phase 3, in a future Windows release, will disable network NTLM by default, requiring explicit re-enablement if necessary.

This phased approach prioritizes security while preserving compatibility for organizations. The goal is to eventually remove NTLM entirely, creating a more secure environment. Microsoft provides resources and encourages organizations to prepare by identifying NTLM dependencies and testing Kerberos. Microsoft describes the transition as a crucial step towards a more secure, passwordless future for Windows, and is actively seeking feedback to address unique NTLM usage scenarios. Through this evolution, Microsoft aims to foster a more resilient system and secure the digital experience.
techcommunity.microsoft.com