Microsoft announced that the NTLM authentication protocol, first introduced in Windows 3.1, will now be disabled by default, more than 30 years later.
NTLM, an abbreviation for New Technology LAN Manager, was first introduced in 1993 and facilitates authentication between a client and server. It’s essentially a method through which a server can verify that you know the password for an account.
It has also been widely exploited in various attacks on compromised networks, allowing hackers to take control of Windows domains.
NTLM is deprecated, but still in use
Most modern businesses have already begun the transition away from NTLM due to security concerns, but there remains a small percentage that still use NTLM 1.2 in some capacity.
During the move to Windows 11 the protocol saw a significant decline in usage, but there are systems that still rely on it due to compatibility with embedded systems in machinery and other devices.
Legacy software that doesn’t support the more widespread and secure Kerberos protocol may need updates or even alternative solutions with the push away from NTLM reliance.
The cost of upgrading hardware and software can be prohibitive, especially for industries like manufacturing, farming, and medicine that sometimes use bespoke applications.
What should I do?
As a user, there’s probably nothing to worry about. NTLM insecurity is an issue primarily affecting systems administrators.
If you’re an IT professional, Microsoft says they are providing enhanced tools to audit systems and identify where and how NTLM is being used.
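The first step an administrator takes before NTLM is disabled is an inventory of what still authenticates with it. The PowerShell script below is an added example, not one of the Microsoft tools the article mentions: it reads successful logon events (ID 4624) from the local Security log, keeps only those whose authentication package was NTLM, and groups them by source workstation and NTLM version so the hosts still negotiating NTLM V1 surface first. It assumes the "Audit Logon" policy is enabled, that it is run with rights to read the Security log, and the $Days parameter and the column names in the output are this example's own choices.

```powershell
# Added example (not from the article): summarise NTLM logons recorded in the
# local Security log so an administrator can see which users and hosts still
# rely on NTLM before it is disabled by default.
# Assumes "Audit Logon" is enabled and the script runs with rights to read
# the Security log. The -Days window is this example's own choice.
param(
    [int]$Days = 7
)

$since = (Get-Date).AddDays(-$Days)

# Event 4624 = successful logon. Its EventData records which authentication
# package was used (Kerberos, NTLM, Negotiate, ...).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $since
} -ErrorAction SilentlyContinue

$ntlmLogons = foreach ($e in $events) {
    # Flatten the <Data Name="..."> elements of the event XML into a hashtable.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Keep only logons that actually used NTLM; the machine's own SYSTEM
    # logons are noise for an inventory of dependent clients.
    if ($data['AuthenticationPackageName'] -eq 'NTLM' -and
        $data['TargetUserName'] -ne 'SYSTEM') {
        [pscustomobject]@{
            Time        = $e.TimeCreated
            User        = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
            LogonType   = $data['LogonType']
            # LmPackageName distinguishes "NTLM V1" from "NTLM V2"; V1 is the
            # case to fix first.
            NtlmVersion = $data['LmPackageName']
        }
    }
}

# Group by source host and NTLM version so the most active (and oldest)
# NTLM clients appear at the top of the list.
$ntlmLogons |
    Group-Object Workstation, NtlmVersion |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Workstation'; e = { $_.Group[0].Workstation } },
        @{ n = 'NtlmVersion'; e = { $_.Group[0].NtlmVersion } },
        @{ n = 'Users';       e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

Run it on each server or domain controller in turn (or wrap it in Invoke-Command) and keep the output as the baseline; once the list is empty for a representative period, the host is a candidate for disabling NTLM without breaking anything that still depends on it.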
From the second half of 2026 and onwards, Microsoft will proceed with phase 2 of the removal process, upgrading Kerberos compatibility and attempting to force authentication through that protocol.
And from the next version of Windows Server, NTLM will be disabled by default, requiring explicit re-enabling.
Microsoft’s approach is intended to cause as little friction as possible. Nevertheless, with such a sweeping change there are bound to be a few teething issues.