Jump to content
  • Microsoft deprecates password payload in MPR notifications in Windows 11 24H2 and newer


    Karlston

    • 505 views
    • 2 minutes
     Share


    • 505 views
    • 2 minutes

    Microsoft has updated the official list of deprecated features in client versions of Windows 10 and 11 with password payloads in MPR notifications. This component of the operating system follows this month's additions, such as Test Base for Microsoft 365 (an Azure cloud service for application testing) and TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits.

     

    Microsoft will turn off password payload in MPR in Windows 11 version 24H2 (coming later this year as Windows 11 "2024 Update") using a group policy for NPLogonNotify and NPPasswordChangeNotify APIs. Although the APIs will remain available for some time, Microsoft says it will remove them at some point in a future Windows release, which is what happens to most deprecated features.

     

    Here is how the official documentation describes the APIs:

     

    NPLogonNotify function (npapi.h)

     

    MPR calls this function to notify the credential manager that a logon event has occurred, allowing the credential manager to return a logon script. The NPLogonNotify function is implemented by a credential manager DLL (see Remarks).

     

    NPPasswordChangeNotify function (npapi.h)

     

    MPR calls this function to notify the credential manager of a password change event. The NPPasswordChangeNotify function is implemented by a credential manager DLL.

    The main reason for deprecating NPLogonNotify and NPPasswordChangeNotify APIs is security. According to Microsoft, those APIs allow the caller to retrieve users' passwords, "presenting potential risks for password exposure and harvesting by malicious users."

     

    Naturally, some customers might still need the deprecated APIs, so Microsoft allows including password payloads in MPR notifications via the EnableMPRNotification policy.

     

    Password payloads in MPR notifications are only the third feature Microsoft deprecated this year. In 2023, the company announced the end of the road for many more Windows 10 and 11 components. Check out our comprehensive list of every Windows feature Microsoft deprecated in 2023.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...