Blog Post

Exchange Team Blog
4 MIN READ

Released: August 2022 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Aug 09, 2022
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 IMPORTANT: Updates are released in a self-extrac...
Updated Aug 11, 2022
Version 8.0
announcements
security
setup
LukasSMSFT's avatar
LukasSMSFT
Icon for Microsoft rankMicrosoft
Aug 22, 2022

JMaletzky the recommended value is 5 which is: 

Send NTLMv2 response only. Refuse LM & NTLM

Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they'll accept only NTLMv2 authentication.

 

NTLMv1 should be considered as insecure (for example, the cryptography used by it is obsolete) and so no longer used.

More information:

https://support.microsoft.com/topic/security-guidance-for-ntlmv1-and-lm-network-authentication-da2168b6-4a31-0088-fb03-f081acde6e73 

[MS-NLMP]: NTLM v1 Authentication | Microsoft Docs

[MS-NLMP]: NTLM v2 Authentication | Microsoft Docs

 

To enforce NTLMv2 usage it's required to configure the LmCompatibilityLevel on all clients, servers, and Domain Controllers. However, you should verify that no applications require NTLMv1 anymore before turning it off.

See: Network security LAN Manager authentication level (Windows 10) - Windows security | Microsoft Docs