In a significant shift for security and authentication practices, Microsoft has commenced the removal of NTLM (New Technology LAN Manager) from its latest operating systems, specifically Windows 11 version 24H2 and Server 2025. This decision reflects the company's ongoing commitment to enhance security by phasing out outdated protocols that have been deemed vulnerable in today's digital landscape.
The Rise and Fall of NTLM
For those who might not be intimately familiar with NTLM, it has been a staple authentication protocol since the early days of Windows networking. Originally designed to provide secure access to network resources, NTLM has exhibited numerous security flaws over the years. With advancements in technology and increased sophistication of cyber threats, NTLM's weaknesses have become glaringly apparent, prompting Microsoft to take drastic measures.

Historically, NTLMv1 was considered the weakest link, and its use has been declining for some time. Microsoft first announced its intention to deprecate NTLM back in October 2023, leading to a series of confirmations culminating in this week's news that NTLMv1 is no longer available in the latest Windows releases. Specifically, as of December 2024, Microsoft has confirmed that all versions of NTLM—including NTLMv1, NTLMv2, and the much older LAN Manager—are no longer under active development and are officially deprecated.
What Does This Mean for Users?
Windows users and network administrators should be aware of the implications of this change. Notably:
- Transitioning to Kerberos: Microsoft recommends that developers and IT professionals move any authentication requests that rely on NTLM to the Negotiate security package. Negotiate attempts to authenticate with Kerberos first and falls back to NTLM only when Kerberos is not possible. Kerberos is a far more secure protocol, using strong encryption and mutual authentication between client and server.
- Security Improvements: By removing support for NTLM, Microsoft is enhancing the overall security posture of its operating systems. This change will significantly reduce the attack surface and prevent potential exploits that could otherwise take advantage of NTLM's vulnerabilities.
- Legacy Systems: For businesses still relying on older applications or systems that only support NTLM, this change could necessitate updates or replacements. Network administrators should audit their systems and evaluate potential migration paths to ensure smooth transitions without service interruptions.
Additional Features Decommissioned
Alongside NTLM, Microsoft has also phased out Windows Information Protection (WIP), a feature designed to protect against accidental data leaks. This marks a significant shift in how Microsoft is approaching data security, focusing on more integrated and robust security measures.

Moving Forward: What You Should Do
Action Steps for Users and Admins
- Check Compatibility: Review your existing network configurations and applications to determine if they rely on NTLM authentication.
- Plan for Migration: Develop a roadmap to transition to Kerberos authentication or other secure methods.
- Update Security Practices: Take this opportunity to reinforce security policies across your organization. Ensure that all software is up to date and that security patches are applied promptly.
- Educate Users: Inform staff members about these changes, highlighting the importance of security in the use of authentication protocols.
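The "Legacy Systems" and "Check Compatibility" steps above both come down to one question: which accounts and hosts still authenticate with NTLM? The following PowerShell script is an added example (not from the article or from Microsoft) that answers it from the Security event log of a Windows server. It assumes success auditing for logon events is enabled (so event 4624 is recorded) and that it is run from an elevated prompt.

```powershell
# Added example: inventory successful logons by authentication package so that
# NTLM-dependent accounts and clients are found before NTLM is removed.
# Assumes "Audit Logon" (success) is enabled and the shell is elevated.
param(
    [int]$Days = 7,          # how far back to look
    [int]$MaxEvents = 50000  # cap on events read, to keep runtime bounded
)

$filter = @{
    LogName   = 'Security'
    Id        = 4624         # "An account was successfully logged on"
    StartTime = (Get-Date).AddDays(-$Days)
}

$rows = foreach ($evt in Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue) {
    # Read the EventData fields by name from the event XML
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $pkg = $data['AuthenticationPackageName']   # Kerberos, NTLM or Negotiate
    # LmPackageName is only meaningful for NTLM logons: 'NTLM V1' or 'NTLM V2'
    $ver = if ($pkg -eq 'NTLM') { $data['LmPackageName'] } else { '-' }

    [pscustomobject]@{
        Time        = $evt.TimeCreated
        Package     = $pkg
        NtlmVersion = $ver
        LogonType   = $data['LogonType']        # 3 = network, 2 = interactive, ...
        User        = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
        Source      = $data['IpAddress']
        Workstation = $data['WorkstationName']
    }
}

# 1. Overall share of Kerberos vs NTLM (and NTLM version) logons
$rows | Group-Object Package, NtlmVersion | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Who still uses NTLM, with the weakest (NTLM V1) grouped first
$rows | Where-Object Package -eq 'NTLM' |
    Group-Object NtlmVersion, User, Source, Workstation |
    Sort-Object @{Expression = 'Name'; Ascending = $true}, @{Expression = 'Count'; Descending = $true} |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run it on each server that hosts services, because a network logon is recorded as 4624 on the server that was accessed; domain controllers additionally record NTLM credential validation for domain accounts as event 4776.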
Conclusion
The removal of NTLM from Windows 11 24H2 and Server 2025 marks a critical step towards modernizing authentication methods within Microsoft's suite of operating systems. With cybersecurity threats constantly evolving, these changes are not just necessary; they are imperative. In the long run, embracing stronger authentication frameworks like Kerberos will position users for not just safer networks, but also a more resilient technological landscape.

As the shift unfolds, Windows users are encouraged to stay informed and proactive about changes in security practices. Embracing these changes safeguards not only individual devices but also the integrity of internet-connected systems as a whole.
Be sure to monitor updates from Microsoft, and engage with community discussions to stay ahead of this critical transition!
Source: Neowin Microsoft begins removing NTLM on Windows 11 24H2, Server 2025 already