Steve Syfuhs from Microsoft discusses the challenges and strategies associated with deprecating NTLM, a widely used but security-challenged protocol. He outlines the six reasons for NTLM’s usage and the existential problems they pose. Steve then shares the multi-part strategy devised by the Windows Authentication team to replace NTLM, which involves an extension to Kerberos called IAKerb and turning every machine into their own authoritative authentication service.