MS Credential Guard and NTLM - update?
- A possible question for AOB: has Microsoft 11 patch 22H2 emerged again? This was the patch that disabled NTLM/support for passwords way back in Oct 2220N. One of our client referred us to the Microsoft page from that time, which was updated in recent weeks. It’s not clear to me whether the patch has been re-released in a form which breaks NTLM?
- No particular new intel; but some anecdotes about need to turn off Credential Guard (affecting Windows 11 Enterprise only)
- whereas our past response was: keep Credential Guard on; just live with the fact that your password for eduroam needs to be entered again, seperated, not sourced from the Cred Guard any more
NTLM Deprecation Announcement (Specifically Client): https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features - short term way out: TTLS-PAP
- longer term: EAP-TLS (geteduroam, Managed IdP, …)