We need a solution that supports NTLM Authentication. Currently we are using WAF V1 but this goes end of life in 2026. Any alternatives?

Andrew1 SIMPSON 0 Reputation points
2024-06-25T09:49:15.2733333+00:00

We need a solution that supports NTLM Authentication. Currently we are using WAF V1 but this goes end of life in 2026. Any alternatives?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,011 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee
    2024-06-25T11:19:27.45+00:00

    Hello @Andrew1 SIMPSON ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are using Azure Application gateway WAF V1 with NTLM authentication, but this will be retired in 2026 and you would like to know if there are any alternatives for this.

    Application Gateway v2 doesn't support proxying requests with NTLM or Kerberos authentication.

    Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#does-application-gateway-v2-support-proxying-requests-with-ntlm-or-kerberos-authentication

    And as per Application Gateway Product Group team, this feature is not in our roadmap for V2.

    Refer: https://feedback.azure.com/d365community/idea/52e82d52-f925-ec11-b6e6-000d3a4f06a4#comments

    If it helps you can also go through this blog post on how the windows team is reducing dependencies on NTLM.

    The Azure Front Door Service is also not validated to work alongside NTLM authentication, and I checked internally to find that customers have run into issues while using Azure Front Door Service with NTLM auth.

    The recommendation that we received from the Azure Product Group team is to move to modern authentication protocols such as OAuth and OpenID Connect to address these issues. 

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Mrigank Jaiswal 0 Reputation points
    2024-06-25T14:36:28.68+00:00

    While WAF V1 supports NTLM authentication, it's reaching its end of life in 2026. Here are your options:

    Migrate to Modern Authentication: This is the recommended approach. Modern protocols like OAuth and OpenID Connect are more secure than NTLM. They offer features like single sign-on and are not susceptible to relay attacks like NTLM. Microsoft recommends migrating to these protocols (Microsoft Azure Product Group).

    Consider Alternative WAF Solutions: Explore WAF solutions that support NTLM authentication. However, be aware that NTLM itself is an older protocol with security limitations.

    Here are some additional points to consider:

    Migrating to modern authentication might require changes to your application.

    Continued reliance on NTLM might expose you to security vulnerabilities.

    0 comments No comments