Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft NTLM default-disable transition

Advisory/Mitigation
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft will disable NTLM by default in upcoming Windows releases, reducing exposure to relay and pass-the-hash attacks across legacy-authentication environments. The shift moves domain-connected systems toward Kerberos and away from a protocol that has been widely abused for credential theft and privilege escalation. A phased transition plan gives administrators auditing and compatibility tools before network NTLM is blocked by default in later releases.

Related Happenings

Windows Autopatch enables hotpatch security updates by default for eligible devices

Security Tool/Service
First: 11.03.2026 11:15 Last: 11.03.2026 11:15 Sources 1

About this happening: Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...

Open Happening

Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview

Security Tool/Service
First: 10.03.2026 17:27 Last: 10.03.2026 17:27 Sources 1

About this happening: **Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...

Open Happening

Microsoft Windows Autopatch defaults hotpatch security updates for managed Windows devices

Security Tool/Service
First: 10.03.2026 12:35 Last: 10.03.2026 12:35 Sources 1

About this happening: Microsoft is making **hotpatch security updates** the default for eligible **Windows devices** managed through **Microsoft Intune** and the **Microsoft Graph API**, reducing resta...

Open Happening

Bitwarden adds passkey login for Windows 11 sign-in

Security Tool/Service
First: 05.03.2026 00:34 Last: 05.03.2026 00:34 Sources 1

About this happening: **Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.

Open Happening

Microsoft expands Windows Backup for Organizations first-sign-in restore to hybrid-managed Windows 11 devices

Security Tool/Service
First: 26.02.2026 15:04 Last: 26.02.2026 15:04 Sources 1

About this happening: Microsoft expanded **Windows Backup for Organizations** so more enterprise users can restore **Windows settings** and **Microsoft Store apps** on first sign-in, improving device r...

Open Happening

Timeline

  1. 30.01.2026 19:08 2 articles · 3mo ago

    Microsoft announces NTLM default-disable plan for Windows

    Initial Disclosure

    Microsoft announced that NTLM will be disabled by default in upcoming Windows Server and Windows client releases as part of a shift toward Kerberos-based authentication. The transition plan starts with enhanced auditing in Windows 11 24H2 and Windows Server 2025 to find where NTLM is still used, then adds IAKerb and a Local Key Distribution Center in the second half of 2026 to reduce NTLM fallback, and later blocks network NTLM by default in future releases while still allowing explicit re-enablement through policy controls.

    Show sources
    Open in new tab