A growing number of Microsoft account holders report successful sign‑ins from IP addresses inside Microsoft’s own network despite having two‑factor authentication enabled — an uptick of incidents first detailed in a German investigation and corroborated by threads on Reddit and Microsoft’s own...
Microsoft will audit and then begin enforcing a block on NTLMv1–derived credentials in Windows 11, version 24H2 and Windows Server 2025: the change is gated by a new registry key (BlockNtlmv1SSO), exposes two new NTLM event IDs for Audit vs Enforce behavior, and will be rolled out in phases...