This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 32%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
Presently in our environment "Allow connection fallback to NTLM is enabled" and we are getting a notification stating it can be a security risk.
Can you please recommend if we should leave it enabled or we should disable it.NTLM.jpg
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
If you disable it, you are risking your workloads that do not support Kerberos to break.
Rather than disabling it, you should track the usage of NTLM in your environment and address it proactively
Details at https://4sysops.com/archives/auditing-and-restricting-ntlm-authentication-using-group-policy/
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
Hi, When I am researching about it I found everywhere it is recommended to keep it disabled to reduce the security risk.
Yes - you should disable it as long as you understand and accept the impact (if any) on your existing environment
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
Thank you for the details. We will work on it now.