Blog Post

Windows IT Pro Blog

5 MIN READ

Advancing Windows security: Disabling NTLM by default

Microsoft

Jan 29, 2026

Windows is moving toward a more secure authentication model by phasing out New Technology LAN Manager (NTLM) in favor of stronger, Kerberos‑based alternatives. Let’s look at enhanced auditing and upc...

Timeline illustration showing enhanced auditing available today, then IAKerb, Local KDC, and upgrade hardcoded to negotiate occurring in the second half of 2026. The final phase, which occurs with the next version of Windows Server, shows NTLM disabled by default in most cases and the availability of unknown SPN, IP address, local accounts on domain machines, and new NTLM block policies.

Updated Jan 29, 2026

Version 3.0

security

windows 11

mariamgewida

Microsoft

Joined April 07, 2022

View Profile

Windows IT Pro Blog

Follow this blog board to get notified when there's new activity

RaphaelB2085

Copper Contributor

Feb 03, 2026

Thanks Mariam, finally NTLM is being disabled! This short video does a great job explaining the differences between NTLM and Kerberos Authentication: https://youtu.be/4gDGJe7tLes