deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

dep-rm-ntlm-9544861

Browse Source
This commit is contained in:
Meghan Stewart 2024-11-18 14:48:56 -08:00
parent 07b06b7c6a
commit 2f92527801
4 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/whats-new/deprecated-features-resources.md
View File

@ -34,7 +34,7 @@ Customers concerned about NTLM usage in their environments are encouraged to uti
In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance). In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
## WordPad ## WordPad

2
windows/whats-new/deprecated-features.md
View File

@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b
| Paint 3D <!--8995017--> | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Paint 3D <!--8995017--> | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 |
| Adobe Type1 fonts <!--9183716-->| Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows. </br></br> In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | Adobe Type1 fonts <!--9183716-->| Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows. </br></br> In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 |
| DirectAccess <!--8713507-->| DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | | DirectAccess <!--8713507-->| DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 |
| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see[Resources for deprecated features](deprecated-features-resources.md). | June 2024 | | NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next feature update for Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md). </br></br> **[Update - ANovember 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. <!--9544861--> | June 2024 |
| Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 |
| NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|

1
windows/whats-new/ltsc/whats-new-windows-11-2024.md
View File

@ -156,6 +156,7 @@ Each version of Windows client adds new features and functionality. Occasionally
| Feature | Description | | Feature | Description |
|---------|-------------| |---------|-------------|
| NTLMv1 </br> [24H2][24H2] <!--9544861--> | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. |
| **WordPad** </br> [24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. <!--8254696, 8494641--> | | **WordPad** </br> [24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. <!--8254696, 8494641--> |
| **Alljoyn** </br> [24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired.<!--8396030--> | | **Alljoyn** </br> [24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired.<!--8396030--> |

1
windows/whats-new/removed-features.md
View File

@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Support removed | |Feature | Details and mitigation | Support removed |
| ----------- | --------------------- | ------ | | ----------- | --------------------- | ------ |
| NTLMv1 <!--9544861--> | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | 24H2 |
| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 | | Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 |
| WordPad <!--8254696, 8494641--> | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 | | WordPad <!--8254696, 8494641--> | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 |
| Alljoyn <!--8396030-->| Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | | Alljoyn <!--8396030-->| Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 |