Microsoft's Windows 11: Changes to Authentication and Upgrades
Microsoft plans to phase out the NTLM authentication protocol in Windows 11, as it has been extensively exploited by threat actors in attacks such as NTLM relay attacks and pass-the-hash attacks. Kerberos has replaced NTLM as the default authentication protocol for domain-connected devices on Windows. Microsoft is working on two new Kerberos features, IAKerb and Local KDC, to enhance its use and address challenges leading to Kerberos fallback to NTLM. Additionally, Microsoft intends to expand NTLM management controls to provide administrators with more flexibility in monitoring and restricting NTLM usage. The company will disable NTLM in Windows 11 once it determines it is safe to do so, but customers will have the option to reenable it for compatibility reasons.
- Microsoft plans to kill off NTLM authentication in Windows 11 BleepingComputer
- Can you still get a Windows 10 upgrade for free? ZDNet
- How to bypass Windows 11 hardware requirements Laptop Mag
- It's official: Upgrades using Windows 7 and 8 keys are dead PCWorld
- Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication The Hacker News
Reading Insights
0
1
2 min
vs 3 min read
77%
507 → 119 words
Want the full story? Read the original article
Read on BleepingComputer