In a bid to improve security, Microsoft deprecates NTLM in Windows 11 and Server 2025

Microsoft is introducing a host of security-oriented changes to Windows 11, the most notable being the deprecation of NTLM (NT LAN Manager) in Windows 11 24H2, and Server 2025.

Microsoft’s official blog post, while discussing the change, reads,

Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024.

For the unversed, NTLM is an outdated Microsoft protocol regularly exploited by threat actors across the globe. Cyber experts have long raised concerns about the security aspects of NTLM.

Recently, Microsoft rolled out several changes to reduce dependence on NTLM, such as the two new authentication methods in Windows 11. It included Kerberos, a far more secure alternative!

While announcing the new authentication methods in Oct’23, Microsoft confirmed it plans to eliminate the use of NTLM amongst Windows users. It appears that the task has already begun.

Other notable changes to Windows 11 security include support for passkey in Windows Hello, Local Security Authority protection, Smart App Control, Trusted Signing, Win32 app isolation, and VBS enclaves.

These new capabilities won’t just protect your PC against cyberattacks but also from localized threats like apps and drivers. Microsoft also recently introduced Zero Trust DNS to block encrypted traffic from malware.

What other security-oriented changes do you want Microsoft to implement? Share with our readers in the comments section.