Here is some information about Negotiate Authentication Methods:
Microsoft Negotiate is a security support provider (SSP) that acts as an application layer between Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request and picks the best SSP to handle the request based on customer-configured security policy.
Currently, the Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos.
So, if NTLM works in your organization, you could remove the Negotiation, then use the NTLM directly.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
The function of Negotiate is choose Kerberos and NTLM for Outlook. Essentially, the client still uses Kerberos or NTLM.
If you want to let clients show as Negotiate, let us force on narrow down it:
I am writing here to confirm with you any update about this thread now.