Hi @Andreas
Before disabling NTLMv1, you should identify the services and machines that they still use it.
You can monitor from the event viewer of all DCs, where you can check if there are connection attempts with ntlmv1.
You can start with the servers first then the client machines. In other hand , I recommend you to disable it on the servers and client workstations gradually in order to be able to control incidents generated after the deactivation of ntlmv1 and not to exceed the capacity of the support team.
For domain controllers, I also recommend that you proceed gradually, even if NTLMv1 is disabled on all servers and client workstations, it is possible to have applications (non-microsoft)or equipment that authenticates via ntlmv1.
Please don't forget to mark helpful answer as accepted