Microsoft officially deprecates NTLM and promotes Kerberos authentication

No Comments
Microsoft building

Several months after announcing its intention to do so, Microsoft has official deprecated the NTLM (NT LAN Manager) authentication protocol in Windows and Windows Server.

NTLM is now a very old protocol which has been superseded by the more secure and feature-rich Kerberos. It will still be possible to use NTLM until the next release of Windows and Windows Server, but Microsoft is keen for users to take action now.

See also:

Aware that the change will require a degree of preparation for many people, Microsoft has not only provided fair warning for those still reliant on the aged protocol, but also provided advice about how to proceed.

On the page used to advise about deprecated features, the company says:

All versions of NTLM, including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary.

Microsoft has also provided information about just how to migrate away from NTLM. The company shares the following details:

Customers concerned about NTLM usage in their environments are encouraged to utilize NTLM auditing to investigate how NTLM is being used.

In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their AcquireCredentialsHandle request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration.

There is further helpful information in a blog post from last year.

Image credit: Waingro / Dreamstime.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Best Windows apps this week

CIOs need to anticipate future business challenges

Meeting the challenges of enterprise development [Q&A]

Microsoft launches Windows App so you can connect to Windows from just about any device

Microsoft is giving Windows 11 users (a bit of) control over the in-OS ads they see... but there’s a sting in the tail

SparkyLinux 7.5 arrives with updated kernel and software packages

Google expands passkey support to desktop with Google Password Manager

Most Commented Stories

Windows 12.1 is everything Windows 11 should be -- and the Microsoft operating system we need!

40 Comments

Rectify11 update arrives to fix Windows 11 -- download it now

20 Comments

Apple Intelligence will launch in beta and that’s unacceptable for a trillion-dollar company

16 Comments

Forget TeamViewer, RustDesk is the open-source alternative you've been looking for

15 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.6.1

14 Comments

Microsoft is bringing ads to the Windows 10 Start menu, just like in Windows 11

11 Comments

Donald Trump vs. Kamala Harris: Google ramps up efforts to protect Presidential Election integrity

11 Comments

Are you ready for 6G? A breakthrough device just made it possible

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.