MicrosoftIndeed, auditing is the key point when planning to get rid off old protocols.
Without clear identification of the causing clients (and finally applications), how to achieve this in big enterprise environment?
So in this case here, I appreciate the optimization for the NTLM events, but I totally don't get why this is limited to Server 2025 only.
In the scenarios where NTLMv1 is a topic, chances are good that also the infrastructure is not always the latest and greatest.
So why creating this extra challenge then?
If you want to encourage the companies out there to work on these legacy protocol removal tasks, make it easier for them.
Suggestion: have this also integrated in older OS so that the DC gets all the relevant event details.
Collecting the stuff from domain members is something - in the companies I know - won't be an option.
Event collection on DC's ist rather standard.
So the feature is required on Domain Controllers - and not only for Server 2025.
