The Evolution of Windows Authentication (eliminating NTLM)


    #2593503

    https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

    As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges. A foundational pillar of Windows security is user authentication. We are working on strengthening user authentication by expanding the reliability and flexibility of Kerberos and reducing dependencies on NT LAN Manager (NTLM)…

    Our end goal is eliminating the need to use NTLM at all to help improve the security bar of authentication for all Windows users…

    • #2593688

      I have a bit of bad news about this announcement,

      Regarding this statement:

      • NTLM is the only protocol supported when using local accounts.

      When they deprecate NTLM entirely in the future, unless they add a local Kerberos authority to Windows 11/12/13/14 (right now they are only planning to add a Kerberos “cache/proxy”), then peer-to-peer file sharing on small networks using local machine accounts will be broken forever. I suspect they want everyone to use an online account, which can use MS as the authentication authority.

      ~ Group "Weekend" ~

      1 user thanked author for this post.
      • #2593693

        I’ll ask around what are the plans for that use case.

        Note that we will have businesses with ntlm needs for a long time so this is a LONG journey.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
        • #2593711

          I’ll be interested in any info your sources can gather. My internal source thinks it’s a few years out still; they want to measure NTLM use over time as they press application developers to stop hard-coding it into their programs – but knowing how slowly some large and expensive line-of-business applications move, it may be a decade.

          I’ll likely be fully retired by then.  😉

          ~ Group "Weekend" ~
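Both the local-account point above (NTLM is the only protocol those accounts can use) and the remark that NTLM use has to be measured before it can be retired come down to the same defender task: inventorying which logons still use NTLM and which of those come from local accounts. The script below is an added example, not code from the thread or from Microsoft; it reads exported Security-log 4624 events using the documented EventData field names (AuthenticationPackageName, LmPackageName, TargetDomainName, and the System/Computer element), and the three sample records are constructed, with the event namespace omitted for brevity.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of three 4624 (successful logon) records. Real exports
# carry xmlns="http://schemas.microsoft.com/win/2004/08/events/event".
SAMPLE_EVENTS = """
<Event><System><EventID>4624</EventID><Computer>WS01.corp.local</Computer></System><EventData>
<Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">CORP</Data>
<Data Name="AuthenticationPackageName">Kerberos</Data><Data Name="LmPackageName">-</Data>
</EventData></Event>
<Event><System><EventID>4624</EventID><Computer>NAS01</Computer></System><EventData>
<Data Name="TargetUserName">bob</Data><Data Name="TargetDomainName">NAS01</Data>
<Data Name="AuthenticationPackageName">NTLM</Data><Data Name="LmPackageName">NTLM V2</Data>
</EventData></Event>
<Event><System><EventID>4624</EventID><Computer>APP01.corp.local</Computer></System><EventData>
<Data Name="TargetUserName">svc_app</Data><Data Name="TargetDomainName">CORP</Data>
<Data Name="AuthenticationPackageName">Negotiate</Data><Data Name="LmPackageName">NTLM V2</Data>
</EventData></Event>
"""

def parse_events(xml_text):
    """Yield one dict per 4624 event: EventData fields plus the logging host."""
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    for ev in root.findall("Event"):
        if ev.findtext("System/EventID") != "4624":
            continue
        fields = {d.get("Name"): (d.text or "") for d in ev.findall("EventData/Data")}
        # Computer may be a FQDN; keep only the host label for comparison.
        fields["_host"] = (ev.findtext("System/Computer") or "").split(".")[0].upper()
        yield fields

def used_ntlm(ev):
    """NTLM either chosen directly or reached through Negotiate falling back."""
    pkg = ev.get("AuthenticationPackageName", "")
    return pkg == "NTLM" or (pkg == "Negotiate" and ev.get("LmPackageName", "-").startswith("NTLM"))

def is_local_account(ev):
    """A SAM (local) account shows the logging host's own name as its domain."""
    return ev.get("TargetDomainName", "").upper() == ev["_host"]

def ntlm_report(xml_text):
    """Count logons per package and split NTLM logons into local vs domain accounts."""
    by_package, ntlm_local, ntlm_domain = Counter(), Counter(), Counter()
    for ev in parse_events(xml_text):
        by_package[ev.get("AuthenticationPackageName", "?")] += 1
        if used_ntlm(ev):
            acct = f"{ev.get('TargetDomainName')}\\{ev.get('TargetUserName')}"
            (ntlm_local if is_local_account(ev) else ntlm_domain)[acct] += 1
    return {"by_package": dict(by_package), "ntlm_local": dict(ntlm_local), "ntlm_domain": dict(ntlm_domain)}

if __name__ == "__main__":
    print(ntlm_report(SAMPLE_EVENTS))
```

Accounts listed under ntlm_local are the ones with no Kerberos alternative today; those under ntlm_domain are candidates for the application fixes the thread mentions.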

          • #2593712

            Local KDC is the plan but as you and I both point out – this is going to be YEARS.  We will probably both be retired by then and we’ll have Elon chips in our heads.

            Susan Bradley Patch Lady/Prudent patcher

            2 users thanked author for this post.