Microsoft is introducing new features in Windows 11 to reduce the usage of NTLM (NT LAN Manager), an older authentication process that is less secure than Kerberos — just as Google announced passkeys are coming to WhatsApp and other apps.
“Kerberos has been the default Windows authentication protocol since 2000, but there are still scenarios where it can’t be used and where Windows falls back to NTLM,” says Microsoft’s Matthew Palko in the official announcement.
The first feature, IAKerb, allows clients to authenticate with Kerberos in more diverse network topologies, such as firewall-segmented environments or remote access scenarios.
The second feature, a local KDC for Kerberos, adds Kerberos support to local accounts, so that remote authentication of local user accounts can be done using Kerberos.
The Redmond-based tech giant is also extending NTLM management controls to give administrators greater flexibility in how they track and block NTLM usage in their environments.