In a bid to strengthen authentication and security measures against relay attacks and unauthorized network access, Microsoft has confirmed that it will be using Kerberos in place of the NT LAN Manager in Windows 11, The Hacker News reports.
Devices running on Windows 11 will soon be updated with Initial and Pass Through Authentication Using Kerberos functionality, which would allow Kerberos authentication across various network topologies, as well as a local Key Distribution Center for Kerberos, which would enable local accounts to gain Kerberos support, according to Microsoft. Numerous hard-coded NTLM instances are also being addressed by Microsoft as it works on advancing the use of Kerberos before deactivating NTLM.
"All these changes will be enabled by default and will not require configuration for most scenarios. NTLM will continue to be available as a fallback to maintain existing compatibility," said Microsoft Enterprise and Security Senior Product Management Lead Matthew Palko.