Microsoft is moving to disable NTLM by default, with some exceptions.

If implemented, this will have a significant impact on threat actors abusing credentials within a network.

The move to IAKerb and local KDC for local and cached authentication will be... interesting.

Falling back to NTLM for authentication using IP addresses instead of FQDNs, I suspect, will keep NTLM in most environments, but overall this is a hopeful step in the right direction.

#SecOps #IncidentResponse #ThreatDetection #SOC

🔗 https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526