The End of NTLM with Steve Syfuhs

About Show #1006

It's time to retire NTLM - but how? Richard chats with Steve Syfuhs about the need and challenge of retiring a ubiquitous authentication protocol first used in the 1990s. While guidance to move away from NTLM has been available since 2010, it has only become feasible in the past couple of years, and Microsoft is now providing tooling to make the transition easier. Steve discusses enabling auditing of NTLM usage - recent improvements will allow you to view which services rely on NTLM. Sometimes, a configuration change can resolve the problem, and now there is Microsoft Negotiate to help as an intermediary in determining which protocol to use. Retiring NTLM won't happen overnight, but it will happen, and you can start preparing for it today. And if you need help or advice, email ntlm@microsoft.com!

Recorded September 25, 2025

 

Steve Syfuhs manages the Windows Authentication Platform team at Microsoft, building authentication services and stuff. You may know him from his in-depth threads on Windows security technologies, which you can find at https://syfuhs.net/category/twitter%20thread. He is currently focused on platform Single Sign-On and Credential Protection for your favorite operating systems. Previously he was the Senior Program Manager overseeing development and adoption of Windows authentication protocols like Kerberos and TLS 1.3 as well as credential protection technologies like Credential Guard.
 
