
RunAs Radio The End of NTLM with Steve Syfuhs
Oct 15, 2025
Steve Syfuhs, who leads the Windows authentication platform team at Microsoft, discusses the impending retirement of NTLM, a legacy authentication protocol. He outlines the complexities involved and explains how auditing improvements can help identify NTLM usage. Steve reveals why transitioning to Kerberos is not always straightforward and introduces Microsoft Negotiate as a valuable intermediary. He emphasizes that while retiring NTLM requires time and meticulous planning, there are steps organizations can take today to prepare for a secure future.
AI Snips
Strong Cert Rollout Was Careful And Successful
- Steve described the KB5015754 certificate rollout as a long, careful process that didn't break the world.
- He noted governments and smart-card users required extra mapping work due to scale.
NTLM Misses Server Authentication
- NTLM lacks server authentication so a client can't be sure the server is the real one.
- Kerberos provides both client and server authentication and stronger guarantees between services.
Deprecation Is An Onion To Peel
- Deprecating NTLM requires fixing many entrenched assumptions across systems.
- Microsoft is taking a bite-by-bite approach to remove NTLM reasons one at a time.
