Microsoft is improving Windows authentication and disabling NTLM, a weak authentication protocol. It is adding new features to the Kerberos protocol to eliminate the use of NTLM. #Microsoft #WindowsAuthentication #NTLM #Kerberos
The new features for Kerberos include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. #IAKerb #KDC #Kerberos
IAKerb allows clients without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight. This is useful in firewall segmented environments or remote access scenarios. #Authentication #IAKerb #Server
The local KDC for Kerberos utilizes the local machine's Security Account Manager to offer remote authentication of local user accounts via Kerberos. This improves the security of local authentication. #LocalKDC #Kerberos #Authentication
Microsoft is updating Windows components that have NTLM built in so that they use the Negotiate protocol instead, along with Kerberos and IAKerb. This will reduce the use of NTLM and improve security. #NTLM #Negotiate #Security
Administrators can track and block NTLM usage in their environments using extended management controls. Microsoft plans to eventually disable NTLM in Windows 11. #ManagementControls #NTLM #Windows11
https://www.securityweek.com/microsoft-improving-windows-authentication-disabling-ntlm/
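
An added example (not part of the original post, and not Microsoft's tooling) of one way to track NTLM usage before blocking it: it tallies NTLM logons in exported Security-log 4624 events by source workstation, account and NTLM version. It assumes the standard 4624 fields `AuthenticationPackageName` and `LmPackageName` rather than the new management controls mentioned above, and the events are constructed sample data.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(user, workstation, package, lm_package="-"):
    """Build a constructed 4624 record holding only the fields read below."""
    fields = {"TargetUserName": user, "WorkstationName": workstation,
              "AuthenticationPackageName": package, "LmPackageName": lm_package}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4624</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

SAMPLE_EVENTS = [  # constructed sample data, not from a real host
    _event("alice", "WS01", "Kerberos"),
    _event("svc-backup", "NAS01", "NTLM", "NTLM V2"),
    _event("svc-backup", "NAS01", "NTLM", "NTLM V2"),
    _event("scanner", "PRN07", "NTLM", "NTLM V1"),
    _event("ANONYMOUS LOGON", "WS02", "NTLM", "NTLM V1"),
    _event("bob", "WS03", "Negotiate"),
]

def parse_logon(xml_text):
    """Return the EventData fields of a 4624 event, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    return {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}

def ntlm_usage(events):
    """Count NTLM logons per (workstation, account, NTLM version)."""
    usage = Counter()
    for xml_text in events:
        f = parse_logon(xml_text)
        if not f or f.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue  # Kerberos / Negotiate logons are not what we are hunting
        if f.get("TargetUserName") == "ANONYMOUS LOGON":
            continue  # anonymous logons name no real account to follow up on
        usage[(f.get("WorkstationName", ""), f.get("TargetUserName", ""),
               f.get("LmPackageName", "-"))] += 1
    return usage

def ntlmv1_sources(usage):
    """Workstations still sending NTLMv1, the first to fix before blocking."""
    return sorted({ws for (ws, _user, ver) in usage if ver == "NTLM V1"})

if __name__ == "__main__":
    for (ws, user, ver), n in ntlm_usage(SAMPLE_EVENTS).most_common():
        print(f"{n:3d}  {ws:8} {user:12} {ver}")
```
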