The article "Microsoft Moves Closer to Disabling NTLM" reports that the next major Windows Server and Windows client releases will ship with the deprecated NTLM authentication protocol disabled by default, as part of a three‑phase process whose end goal is to remove NTLM from Windows altogether. The article notes that NTLM remains in use in some environments because of legacy dependencies, but its known weaknesses have driven the shift toward Kerberos as the preferred authentication method.
In the first phase, organisations can use the enhanced NTLM auditing features in Windows Server 2025 and Windows 11, version 24H2 and later, to map where NTLM is still in use. The second phase will address domain controllers, local account authentication, and hardcoded NTLM usage, with solutions expected in the second half of the year for Windows Server 2025 and Windows 11, version 24H2 and later.
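The auditing step above is about inventory: finding which accounts, hosts and source addresses still authenticate with NTLM before anything is switched off. The following is an added example, not code from the article or from Microsoft, showing one way to build that inventory from exported Windows Security log events. It relies on the standard fields of event 4624 (successful logon), where AuthenticationPackageName and LmPackageName reveal whether a logon used NTLM and which NTLM version; the flat-dictionary input format, the field subset, and the sample events are assumptions standing in for whatever a SIEM or Get-WinEvent export produces.

```python
"""Inventory NTLM use from exported Security-log 4624 events.

Added example (not from the article or from Microsoft). Reads the
AuthenticationPackageName / LmPackageName fields of successful-logon
events and tallies where NTLM (and especially NTLM V1) still appears.
The input shape, a list of flat dicts keyed by event field name, is an
assumption about the export format.
"""
from collections import Counter

SUCCESSFUL_LOGON = 4624  # Security-log event ID for a successful logon

# Constructed sample events; field names follow the 4624 event schema.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "svc_backup", "WorkstationName": "FS01",
     "IpAddress": "10.0.0.21", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2"},
    {"EventID": 4624, "TargetUserName": "jdoe", "WorkstationName": "WS12",
     "IpAddress": "10.0.1.5", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "LmPackageName": "-"},
    {"EventID": 4624, "TargetUserName": "legacyapp", "WorkstationName": "APP07",
     "IpAddress": "10.0.2.9", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "WorkstationName": "FS01",
     "IpAddress": "10.0.0.21", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2"},
    # Interactive console logon via Negotiate: no NTLM package recorded.
    {"EventID": 4624, "TargetUserName": "admin", "WorkstationName": "WS12",
     "IpAddress": "-", "LogonType": 2,
     "AuthenticationPackageName": "Negotiate", "LmPackageName": "-"},
    # Failed logon (4625): says nothing about which package succeeded, so skipped.
    {"EventID": 4625, "TargetUserName": "jdoe", "WorkstationName": "WS12",
     "IpAddress": "10.0.1.5", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "LmPackageName": "-"},
]


def classify_auth(event):
    """Return 'NTLM V1', 'NTLM V2', 'NTLM', 'Kerberos' or 'Other' for one 4624 event.

    NTLM can show up in two places: the LM package field (set when the
    logon used NTLM, including when Negotiate fell back to it) or the
    authentication package field itself. Either one counts as NTLM.
    """
    pkg = event.get("AuthenticationPackageName", "").upper()
    lm = event.get("LmPackageName", "-").upper()
    if lm.startswith("NTLM"):
        return lm                      # "NTLM V1" or "NTLM V2"
    if pkg == "NTLM":
        return "NTLM"                  # NTLM, version not recorded
    if pkg == "KERBEROS":
        return "Kerberos"
    return "Other"


def ntlm_inventory(events):
    """Count logons per package and list NTLM users by (account, host, IP, version).

    Only successful logons (4624) are considered.
    """
    by_package = Counter()
    ntlm_sources = Counter()
    for ev in events:
        if ev.get("EventID") != SUCCESSFUL_LOGON:
            continue
        kind = classify_auth(ev)
        by_package[kind] += 1
        if kind.startswith("NTLM"):
            key = (ev.get("TargetUserName", "?"), ev.get("WorkstationName", "?"),
                   ev.get("IpAddress", "?"), kind)
            ntlm_sources[key] += 1
    return {"by_package": dict(by_package), "ntlm_sources": dict(ntlm_sources)}


def ntlm_v1_accounts(events):
    """Accounts still authenticating with NTLM V1, the first migration priority."""
    inv = ntlm_inventory(events)
    return sorted({acct for (acct, _, _, ver) in inv["ntlm_sources"] if ver == "NTLM V1"})


if __name__ == "__main__":
    inv = ntlm_inventory(SAMPLE_EVENTS)
    print("logons by package:", inv["by_package"])
    for (acct, host, ip, ver), n in sorted(inv["ntlm_sources"].items(),
                                            key=lambda kv: -kv[1]):
        print(f"{n:4d}  {ver:8s} {acct:12s} {host:8s} {ip}")
    print("NTLM V1 accounts:", ntlm_v1_accounts(SAMPLE_EVENTS))
```

The output is a ranked list of NTLM-dependent account/host pairs, which is the list to work through before the "disabled by default" phase arrives: NTLM V1 entries first, then service accounts and application hosts whose NTLM use is likely hardcoded rather than a transient Negotiate fallback.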
In the final phase, NTLM will be disabled by default, and re‑enabling it through new policy controls will require explicit administrative action, though built‑in NTLM support for legacy cases will remain. According to Microsoft, disabling NTLM by default is a major step toward a passwordless, phishing‑resistant future, and organisations are urged to audit their NTLM usage now and migrate to Kerberos wherever possible.