There was a Security Alert raised , recently couple of days back stating that NTLM should be disabled on the DC's as it has been attacked.
Below is the alert:
KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
In order to check for this I enabled NTLM AUDITING on my DC's and can see the events related to my client computers connecting to CAS servers and also other servers. I am checking the logs under the below :
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller. Secure Channel name: XXXXXX User name: XXXXX Domain name: XXXXXx Workstation name: XXXXX Secure Channel type: 2
Secure Channel name: CAS01 User name: userid Domain name: xxxxxxx Workstation name: PC Secure Channel type: 2
I am not sure what should I do, so if I disable NTLM on the DC's, is it going to cause any problem for Outlook Connectivity and the Email flow.