HomeWinBuzzer NewsMicrosoft to Phase Out NTLM Authentication, Kerberos to Take Over

Microsoft to Phase Out NTLM Authentication, Kerberos to Take Over

NTLM will remain functional in the 2024 update for Windows 11, version 24H2, and Windows Server 2025, but no longer receive new features.

-

has decided to discontinue NTLM (New Technology LAN Manager) in upcoming versions of Windows. This action is part of an effort to improve security across its by transitioning away from older protocols.

NTLM will remain functional in the 2024 update for , version 24H2, and Windows Server 2025, but it will no longer receive new features. Microsoft is pushing for the adoption of the Negotiate protocol, which defaults to Kerberos for authentication, switching to NTLM only when absolutely necessary.

NTLM first appeared in 1993 with Windows NT 3.1 and has been a key part of Windows security architecture. Even with its long history, NTLM is now regarded as outdated. Kerberos, available since Windows 2000 Service Pack 4 (SP4), is considered a more secure alternative.

Security Concerns

The shift is driven by a need to enhance security. Modern protocols like Kerberos are deemed more secure than NTLM. Microsoft notes that developers can often switch from NTLM to Negotiate with a minor change in their AcquireCredentialsHandle request to the Security Support Provider Interface (SSPI). However, applications that have hard-coded assumptions about authentication methods might need more extensive modifications.

Guidance for Developers and IT Pros

Microsoft has provided resources to help developers and IT administrators move away from NTLM. The company underscores the necessity of adopting more secure authentication methods to ensure both compatibility and security in the future. Detailed information is available on Microsoft's official documentation and the Feedback Hub app.

NTLM will still be functional in the upcoming , but Microsoft is urging users to transition to more secure protocols. This initiative aims to enhance Windows security features and overall system integrity.

For further details, Microsoft directs users to its resources on deprecated features. The company welcomes feedback and questions through the Feedback Hub app, aiming to support users and developers in this transition.

SourceMicrosoft
Markus Kasanmascheff
Markus Kasanmascheff
Markus is the founder of WinBuzzer and has been playing with Windows and technology for more than 25 years. He is holding a Master´s degree in International Economics and previously worked as Lead Windows Expert for Softonic.com.