
Microsoft Introduces SMB Security Controls for IT Professionals

The new features enable blocking the SMB NTLM protocol in outbound connections and let administrators restrict specific SMB protocols.


Microsoft has unveiled new security controls for the Server Message Block (SMB) protocol, targeting IT professionals. These controls are now accessible in an early preview release through the Windows Insider Program.

The SMB protocol is a method for sharing files and other resources over a network. It lets computers access files on servers or other computers, as well as printers, pipes, and other devices. SMB stands for Server Message Block, the name of the units of data exchanged between the client and the server. SMB runs over TCP/IP or other network transports.

Windows has used the SMB protocol from the start, and the protocol has changed over time to add features and improve speed. The newest version is SMB 3, which came out in 2012 with Windows 8. SMB 3 brought new features such as failover, scale out, multichannel, SMB Direct, encryption, directory leasing, and performance improvements.

SMB NTLM Blocking: A Step Towards Enhanced Security

The tech giant has introduced two primary SMB security features. The first allows IT professionals to prevent the SMB NTLM (Windows New Technology LAN Manager) protocol from being utilized in outbound connections.

As Ned Pyle, a principal program manager for Microsoft's core OS engineering group, elaborated, connecting to Active Directory domain-joined computers using SMB with a domain user account should always result in Kerberos authentication. He emphasized, “Blocking NTLM should have no consequences to connectivity in this case.” Microsoft has been advocating for the use of Kerberos over NTLM for several years, citing Kerberos as a more robust authentication protocol.

SMB Dialect Management: Offering More Control

The second feature provides the ability to choose specific SMB “dialects” (like SMB 2 or SMB 3) for Windows servers. This is a departure from the traditional behavior where the Windows SMB server would always negotiate the highest matched server dialect. With this new feature, administrators can block certain SMB protocols, ensuring that only the most secure and capable devices can connect.

For instance, they can mandate the use of SMB 3.1.1, recognized as the most secure dialect of the protocol. This dialect management was previously available for SMB clients since the release of , but its introduction for Windows servers marks a significant addition.
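As an added illustration (not Microsoft's code and not part of the original article), the Python sketch below models the server-side choice described above: pick the highest dialect both sides support, optionally limited to an administrator-set minimum and maximum, and show which clients lose connectivity once the range is tightened. The host names and their offered dialect lists are constructed sample data, and the function names are hypothetical; the dialect revision codes are those defined in the SMB2 protocol specification (MS-SMB2).

```python
# Added illustration: a simplified model of SMB2 dialect selection, not Windows code.
# Dialect revision codes as defined in the SMB2 protocol specification (MS-SMB2).
DIALECTS = {
    0x0202: "SMB 2.0.2",
    0x0210: "SMB 2.1",
    0x0300: "SMB 3.0",
    0x0302: "SMB 3.0.2",
    0x0311: "SMB 3.1.1",
}


def negotiate(client_offer, server_min=0x0202, server_max=0x0311):
    """Return the highest dialect both sides support inside the server's
    allowed range, or None when nothing matches (connection refused)."""
    allowed = {d for d in DIALECTS if server_min <= d <= server_max}
    common = allowed & set(client_offer)
    return max(common) if common else None


def impact(clients, server_min, server_max=0x0311):
    """For each client, pair the dialect chosen by default with the dialect
    chosen under the restricted range (None means the client is cut off)."""
    report = {}
    for name, offer in clients.items():
        before = negotiate(offer)
        after = negotiate(offer, server_min, server_max)
        report[name] = (DIALECTS.get(before), DIALECTS.get(after))
    return report


# Constructed sample inventory (hypothetical hosts and dialect offers).
SAMPLE_CLIENTS = {
    "current-workstation": [0x0202, 0x0210, 0x0300, 0x0302, 0x0311],
    "older-server": [0x0202, 0x0210, 0x0300],
    "legacy-nas": [0x0202, 0x0210],
}

if __name__ == "__main__":
    # Mandating SMB 3.1.1: only clients that offer 0x0311 still connect.
    for host, (before, after) in impact(SAMPLE_CLIENTS, 0x0311).items():
        print(f"{host:20} default={before:10} min SMB 3.1.1={after or 'REFUSED'}")
```

Running an inventory of real client capabilities through a check like this before raising the minimum dialect shows in advance which devices would be refused.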

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
