Microsoft has recently made updates to the list of features being deprecated in Windows 10 and 11, focusing on enhancing security by removing password payloads in MPR notifications. This change is part of a broader effort to phase out older technologies and features that may pose security risks, including the Test Base for Microsoft 365 and TLS server authentication certificates with RSA keys shorter than 2048 bits.
Details on the Deprecated Features
The specific features facing deprecation are the NPLogonNotify and NPPasswordChangeNotify APIs, which are part of the network provider (NP) API. These functions have historically allowed credential managers to be notified of logon events and password changes, respectively. Microsoft’s decision to deprecate these APIs stems from security concerns, as they permit the retrieval of user passwords, potentially exposing them to malicious actors.
Windows 11 version 24H2, also known as the “2024 Update,” will see the disabling of password payload in MPR notifications through a group policy for these APIs. While the APIs will remain accessible for a period, Microsoft plans to remove them entirely in a future release. In the meantime, organizations that require these features can still include password payloads in MPR notifications by enabling the EnableMPRNotification policy.
The Future of Windows Security
This move is indicative of Microsoft’s ongoing commitment to bolstering the security framework of its operating systems. By removing features that could potentially be exploited for password harvesting, Microsoft aims to protect users from emerging threats. The company encourages developers and IT professionals to adapt to these changes and prepare for a future where such legacy features are no longer available.
As part of its broader initiative to secure Windows against modern threats, Microsoft continues to evaluate and update its operating system components. This proactive approach ensures that Windows remains a secure platform for both individual users and enterprises.
