SecurityWeek reports that Microsoft has moved to better combat NTLM relay attacks by enabling Extended Protection for Authentication (EPA) by default in Windows Server 2025 and Active Directory Certificate Services (AD CS), along with channel binding for the Lightweight Directory Access Protocol (LDAP), after enabling EPA by default in Exchange Server 2019 earlier this year.
Admins running Windows Server 2022 and 2019 can enable both features manually, while those on Exchange Server 2016 can use a script to enable EPA, according to Microsoft, which has also deprecated NTLMv2 and removed NTLMv1 from Windows 11 24H2 and Windows Server 2025. "As we progress towards disabling NTLM by default, immediate, short-term changes, such as enabling EPA in Exchange Server, AD CS, and LDAP reinforce a 'secure by default' posture and safeguard users from real-world attacks. We look forward to investing in more secure-by-default NTLM hardening measures across supported versions in the near future," said Microsoft.
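For admins on the older server versions the article says must enable these protections manually, the following PowerShell is an added audit example, not code from SecurityWeek or Microsoft. It reads the two NTDS registry values a domain controller uses for LDAP channel binding (LdapEnforceChannelBinding) and LDAP signing (LDAPServerIntegrity) and flags a DC that is not enforcing both; the helper function names and the "not set" handling are this example's own assumptions, and the numeric meanings are the documented ones (2 = always require).

```powershell
# Added example (not from the article or Microsoft): audit and optionally enforce
# LDAP channel binding and LDAP signing on a domain controller.
# Registry path and value names are the documented NTDS parameters; function
# names are this example's own. Run elevated on the DC being checked.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

function Get-LdapHardeningState {
    [CmdletBinding()]
    param([string]$Path = $NtdsParams)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # LdapEnforceChannelBinding: 0 = never, 1 = when supported, 2 = always.
    # An absent value is reported as $null rather than assumed, because the
    # effective default depends on the OS build and installed updates.
    $cbt  = if ($null -ne $props.LdapEnforceChannelBinding) { [int]$props.LdapEnforceChannelBinding } else { $null }
    # LDAPServerIntegrity: 1 = none, 2 = require signing.
    $sign = if ($null -ne $props.LDAPServerIntegrity) { [int]$props.LDAPServerIntegrity } else { $null }

    [pscustomobject]@{
        ChannelBindingValue    = $cbt
        ChannelBindingEnforced = ($cbt -eq 2)
        SigningValue           = $sign
        SigningRequired        = ($sign -eq 2)
    }
}

function Set-LdapHardening {
    # Sets both values to "always require". Supports -WhatIf / -Confirm so the
    # change can be previewed before it is applied to a production DC.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $NtdsParams)

    if ($PSCmdlet.ShouldProcess($Path, 'Require LDAP channel binding (2) and LDAP signing (2)')) {
        Set-ItemProperty -Path $Path -Name LdapEnforceChannelBinding -Value 2 -Type DWord
        Set-ItemProperty -Path $Path -Name LDAPServerIntegrity       -Value 2 -Type DWord
    }
}

# Report the current state and warn when either protection is not enforced.
$state = Get-LdapHardeningState
$state | Format-List

if (-not $state.ChannelBindingEnforced -or -not $state.SigningRequired) {
    Write-Warning 'This DC is not requiring both LDAP channel binding and signing; preview the fix with: Set-LdapHardening -WhatIf'
}
```

Before setting both values to 2, watch for clients that still bind over plain LDAP or without channel binding tokens (the DC logs these under Directory Service event IDs 2889 and 3039 once the relevant diagnostic logging is turned on), since requiring both will break those clients rather than just the relay attack.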