The End of NTLM with Steve Syfuhs
It's time to retire NTLM - but how? Richard chats with Steve Syfuhs about the need and challenge of retiring an ubiquitous authentication protocol first used in the 1990s. While guidance to move away from NTLM has been available since 2010, it has only become feasible in the past couple of years, and Microsoft is now providing tooling to make the transition easier. Steve discusses enabling auditing of NTLM usage - recent improvements will allow you to view which services rely on NTLM. Sometimes, a configuration change can resolve the problem, and now there is Microsoft Negotiate to help as an intermediary in determining which protocol to use. Retiring NTLM won't happen overnight, but it will happen, and you can start preparing for it today. And if you need help or advice, email [email protected]!
RunAs Radio · Steve Syfuhs, Richard Campbell
Audio is streamed directly from the publisher (cdn.simplecast.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
It's time to retire NTLM - but how? Richard chats with Steve Syfuhs about the need and challenge of retiring an ubiquitous authentication protocol first used in the 1990s. While guidance to move away from NTLM has been available since 2010, it has only become feasible in the past couple of years, and Microsoft is now providing tooling to make the transition easier. Steve discusses enabling auditing of NTLM usage - recent improvements will allow you to view which services rely on NTLM. Sometimes, a configuration change can resolve the problem, and now there is Microsoft Negotiate to help as an intermediary in determining which protocol to use. Retiring NTLM won't happen overnight, but it will happen, and you can start preparing for it today. And if you need help or advice, email [email protected]!
Links
- NTLM Blocking and You
- Deprecating NTLM is Easy and Other Lies
- Microsoft Negotiate
- Remote Desktop Gateway Role
- Kerberos on Windows Server
- The Evolution of Windows Authentication
Recorded September 25, 2025