Microsoft plans to bury its NTLM security relic after 30 years — replacing it with stronger Kerberos-based alternatives via future Windows client releases


    Karlston

    • 202 views
    • 3 minutes

    The software giant plans to disable NTLM authentication by default, strengthening security with modern protocols.

    Microsoft recently announced its plans to disable the legacy New Technology LAN Manager (NTLM) protocol by default in upcoming Windows releases. The software giant disclosed that the move is designed to address critical security vulnerabilities that would expose organizations to malicious attacks by bad actors, including "replay and man-in-the-middle attacks, due to its use of weak cryptography".


    For context, the tech giant first introduced the protocol in 1993 with Windows NT 3.1 as the LAN Manager (LM) protocol's successor (via BleepingComputer). The protocol is designed to help authenticate a user's identity while simultaneously protecting the integrity and confidentiality of their activity.


    Microsoft further indicated that NTLM is now classified as deprecated, which means that continued use of the security protocol could expose your organization to several risks, including no server authentication, weak cryptography, limited diagnostic data and auditing visibility (until recently), and vulnerability to replay, relay, and pass-the-hash attacks.

    Disabling NTLM by default does not mean completely removing NTLM from Windows yet. Instead, it means that Windows will be delivered in a secure-by-default state where network NTLM authentication is blocked and no longer used automatically. The OS will prefer modern, more secure Kerberos-based alternatives. At the same time, common legacy scenarios will be addressed through new upcoming capabilities such as Local KDC and IAKerb (pre-release).


    Microsoft plans to disable NTLM by default in future Windows releases in three phases. First, enhanced NTLM auditing tools will remain available for Windows Server 2025 and Windows 11 version 24H2, allowing organization admins to identify where the protocol is still in use.

    [Image: Microsoft logo on a building, obscured by trees (Image credit: Getty Images | HJBC)]


    Microsoft has scheduled the second phase to start in the second half of 2026, where it plans to ship new features, including IAKerb and a Local Key Distribution Center, which will help mitigate the top NTLM pain points, such as domain controller connectivity limitations, local account authentication requirements, and hardcoded protocol selections in core Windows components.


    As for the final phase, Microsoft will disable network NTLM authentication by default in the next major Windows Server release and associated Windows client releases. However, the protocol will still be available in the operating system. It's worth noting that it can be enabled again explicitly through policy controls if needed.


    In the interim, Microsoft urges organizations to deploy enhanced auditing immediately and map application and service dependencies. The software giant has also reiterated the importance of transitioning to Kerberos for critical workloads and testing NTLM-disabled configurations in a non-production environment.
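As an added example of the "deploy auditing and map dependencies" step (not code from the article or from Microsoft), the script below inventories NTLM network logons from the classic Security event log so the accounts and source hosts that still depend on NTLM can be listed before it is disabled. It assumes an elevated session on the server or domain controller whose Security log you want to inspect and that success auditing for logon events is enabled; it uses the standard Event ID 4624 fields rather than the newer enhanced NTLM auditing events.

```powershell
# Added example, not from the article or Microsoft: list NTLM network logons
# recorded in the Security log to map which accounts and hosts still use NTLM.
# Assumes an elevated session and "Audit Logon" success auditing enabled.
function Get-NtlmNetworkLogons {
    param([int]$Days = 7)

    $since  = (Get-Date).AddDays(-$Days)
    # Event ID 4624 = successful logon. Get-WinEvent errors when nothing matches,
    # so treat "no events" as an empty result rather than a failure.
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = $since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return @() }

    foreach ($e in $events) {
        # Pull the EventData fields out of the event XML into a hashtable by name.
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        # LogonType 3 = network logon, which is what "network NTLM" refers to.
        if ($d['AuthenticationPackageName'] -eq 'NTLM' -and $d['LogonType'] -eq '3') {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                SourceHost  = $d['WorkstationName']
                SourceIP    = $d['IpAddress']
                NtlmVersion = $d['LmPackageName']   # 'NTLM V1' or 'NTLM V2'
            }
        }
    }
}

# Summarise account/source pairs still using NTLM; NTLMv1 sorts first because it
# is the weakest and the most urgent candidate for migration to Kerberos.
Get-NtlmNetworkLogons -Days 7 |
    Group-Object Account, SourceIP, NtlmVersion |
    ForEach-Object {
        [pscustomobject]@{
            Count       = $_.Count
            Account     = $_.Group[0].Account
            SourceIP    = $_.Group[0].SourceIP
            SourceHost  = $_.Group[0].SourceHost
            NtlmVersion = $_.Group[0].NtlmVersion
        }
    } |
    Sort-Object @{Expression='NtlmVersion'}, @{Expression='Count'; Descending=$true} |
    Format-Table -AutoSize
```

Run it on each server that accepts network logons (file servers, domain controllers, application hosts), since the Security log is per machine; any row with NtlmVersion of 'NTLM V1' is the first thing to fix.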


    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Tuesday 3 February 2026 at 5:03 am AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

    RIP Matrix
