Microsoft NTLM phase-out and disable-by-default plan
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft is rolling out a three-phase NTLM phase-out for Windows, pushing organizations to audit NTLM usage, migrate to Kerberos, and prepare for NTLM-off configurations.
Related Happenings
Windows Autopatch enables hotpatch security updates by default for eligible devices
Security Tool/Service
First: 11.03.2026 11:15
Last: 11.03.2026 11:15
Sources 1
About this happening:
Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...
Windows Autopatch enables hotpatch security updates by default for eligible devices
Security Tool/ServiceAbout this happening: Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...
Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview
Security Tool/Service
First: 10.03.2026 17:27
Last: 10.03.2026 17:27
Sources 1
About this happening:
**Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...
Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview
Security Tool/ServiceAbout this happening: **Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/Service
First: 05.03.2026 00:34
Last: 05.03.2026 00:34
Sources 1
About this happening:
**Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/ServiceAbout this happening: **Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Microsoft rolls out native Sysmon monitoring to Windows 11 Insider builds
Security Tool/Service
First: 04.02.2026 14:58
Last: 04.02.2026 14:58
Sources 1
About this happening:
Microsoft has started rolling out **built-in Sysmon** to select **Windows 11 Insider** builds, adding native **security monitoring** and **Windows Event Log** capture without a se...
Microsoft rolls out native Sysmon monitoring to Windows 11 Insider builds
Security Tool/ServiceAbout this happening: Microsoft has started rolling out **built-in Sysmon** to select **Windows 11 Insider** builds, adding native **security monitoring** and **Windows Event Log** capture without a se...
Microsoft NTLM default-disable transition
Advisory/Mitigation
First: 30.01.2026 19:08
Last: 30.01.2026 19:08
Sources 1
About this happening:
**Microsoft** will disable **NTLM** by default in upcoming **Windows** releases, reducing exposure to **relay** and **pass-the-hash** attacks across legacy-authentication environm...
Microsoft NTLM default-disable transition
Advisory/MitigationAbout this happening: **Microsoft** will disable **NTLM** by default in upcoming **Windows** releases, reducing exposure to **relay** and **pass-the-hash** attacks across legacy-authentication environm...
Timeline
-
02.02.2026 17:59 2 articles · 3mo ago
Microsoft announces NTLM phase-out roadmap for Windows
Initial DisclosureMicrosoft announced a three-phase plan to phase out NTLM in Windows and move enterprise authentication toward Kerberos-based options. The roadmap says NTLM was formally deprecated in June 2024, Phase 1 enhanced NTLM auditing is available now to show where and why NTLM is still used, Phase 2 will address migration roadblocks with IAKerb and local KDC while updating core Windows components to prioritize Kerberos in H2 2026, and Phase 3 will disable NTLM by default in the next version of Windows Server and the associated Windows client with explicit re-enablement controlled by policy.
Show sources
- Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos — thehackernews.com — 02.02.2026 17:59
- Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos — thehackernews.com — 02.02.2026 17:59