---

In this inaugural episode of the TSG podcast, Directions' Barry Briggs, along with industry analysts George Gilbert and Peter O'Kelly, discuss Microsoft's strategies in AI and beyond for 2026.



Download audio: https://www.directionsonmicrosoft.com/wp-content/uploads/2026/01/season5ep3tsginaugural.mp3

Customer demand for AI is accelerating fast. And your company's AI app or agent should be there to meet it.

In this fiscal year, Microsoft has already seen 2x growth in customers purchasing AI products through Microsoft Marketplace, while also being the largest catalog of AI apps and agents in the industry. 

Building AI apps and agents isn’t just about model performance or speed to market. It’s about meeting your customers’ needs when they have them. For software companies, success depends on whether your AI solution is secure, compliant, responsibly designed, and ready to scale in real-world work environments.  

To meet growing customer appetite for AI apps and agents, Microsoft has 11,000+ AI models, tools custom-built for security and resilience, and industry-leading Responsible AI principles.

That’s why App Advisor starts by showing the many reasons why building with Microsoft is the right foundation for AI apps and agents. 

Why building AI apps and agents with Microsoft is different 

Microsoft, named an AI Leader by Gartner, brings together AI innovation, Responsible AI, and enterprise-grade security into a single, integrated platform. This matters when you’re quickly building AI-powered experiences and agents that your customers can trust. 

When you build with Microsoft, you’re building on an AI-native platform designed for production use: 

• Industry-leading AI and agentic capabilities supporting Gen AI, RAG, ML, predictive analytics, and multi-modal agent workflows, 

• Integrated developer tools to help teams ship faster that you already use and trust (like GitHub Copilot, Visual Studio, and Microsoft Foundry), 

• Seamless integration across the Microsoft stack to make it easier to connect data, services, and user experiences without stitching different systems together. 

This foundation helps you focus on what you’re building. Microsoft handles the complexity behind the scenes. 

Build confidently from day one, stay up to date with AI best practices 

Building with AI doesn't have to be risky. Data access, model behavior, governance, and compliance all matter more when AI and agents are embedded directly into customer workflows. Microsoft approaches this with end-to-end security and Responsible AI practices that are integrated throughout the development lifecycle. 

That's why App Advisor and Microsoft keep you up with the speed of designing with AI: 

• Principles to design your own AI Center of Excellence, 

• Sessions focused on the future of AI and agents in the AI Tour, 

• Resources and webinars, like the AI envisioning sessions, to keep you current. 

This is especially critical for software companies selling into regulated or security-conscious industries. Security isn't an afterthought. You’re building on a platform where they’re already part of the system. 

How App Advisor can help answer questions about building AI apps and agents

The first step in App Advisor is intentionally focused on clarity. Instead of jumping straight into tooling or publishing requirements, it helps you evaluate: 

• Why Microsoft is the right platform for AI apps and agents, 

• How building with Microsoft assists in development, scaling, and customer trust, 

• What kinds of opportunities exist in the Microsoft Marketplace and how to maximize on them. 

However, App Advisor doesn’t stop at discovery or development.

The same experience that helps you build AI apps and agents also supports growth through the Microsoft Marketplace—giving you access to global customers, streamlined procurement, and enterprise-ready distribution. From first line of code to go-to-market readiness, the platform is designed to support sustainable, scalable growth with confidence. 

Ready to build your AI app or agent? 

When you start with the right foundation, everything that follows moves faster—and with less risk.  

Start with the fundamentals: realize the potential of building with Microsoft with curated guidance in App Advisor

We look forward to seeing your AI app or agent on Microsoft Marketplace!

Windows is moving toward a more secure authentication model by phasing out New Technology LAN Manager (NTLM) in favor of stronger, Kerberos‑based alternatives. Let’s look at enhanced auditing and upcoming tools to help prepare your organization for disabling NTLM by default.

The evolution of Windows authentication

For more than three decades, NTLM has been part of Windows authentication. It is a legacy authentication protocol that uses challenge-response verification for access to network resources, most often as a fallback when Kerberos is unavailable.

NTLM consists of security protocols originally designed to provide authentication, integrity, and confidentiality to users. However, as security threats have evolved, so have our standards to meet modern security expectations. Today, NTLM is susceptible to various attacks, including replay and man-in-the-middle attacks, due to its use of weak cryptography.

Microsoft is committed to helping your organization transition to stronger authentication mechanisms. In this post you’ll find a long-term roadmap to reduce, restrict, and ultimately remove NTLM from Windows.

The importance of moving from deprecation to disabling NTLM

Today, NTLM is classified as deprecated. Deprecated features remain available, but no longer receive updates or enhancements and may be removed in a future release. Despite its deprecated status, NTLM continues to be prevalent in environments where modern protocols, such as Kerberos, are not feasible due to legacy dependencies, network limitations, or ingrained application logic. The ongoing use of NTLM exposes organizations to the following risks:

• No server authentication
• Vulnerability to replay, relay, and pass-the-hash attacks
• Weak cryptography
• Limited diagnostic data and auditing visibility (until recently)

It is now time to transition from deprecation to disabling NTLM by default in upcoming Windows releases. While the overarching objective is to eventually remove NTLM entirely, a phased strategy enables you to mitigate NTLM-related risks in a secure and predictable manner, without disrupting your organization.

A phased approach that meets you where you are

The roadmap below presents a three-phased approach toward this goal.

Important: Timelines and feature availability outlined in this post are subject to change as engineering schedules evolve.

With each phase come new capabilities so that your organization has the tools, visibility, and compatibility support needed before NTLM becomes disabled by default. Let’s take a closer look at each phase.

Phase 1: Building visibility and control

Available now, enhanced NTLM auditing helps your organization understand exactly where and why NTLM is still being used in your environment. This is the foundation of any NTLM migration effort. You can use it today with Windows Server 2025 and Windows 11, versions 24H2 and later. For additional guidance, see Disabling NTLM.

Phase 2: Addressing the top NTLM pain points

Here is how we can address some of the biggest blockers you may face when trying to eliminate NTLM:

• No line of sight to the domain controller: Features such as IAKerb and local Key Distribution Center (KDC) (pre-release) allow Kerberos authentication to succeed in scenarios where domain controller (DC) connectivity previously forced NTLM fallback.
• Local accounts authentication: Local KDC (pre-release) helps ensure that local account authentication no longer forces NTLM fallback on modern systems.
• Hardcoded NTLM usage: Core Windows components will be upgraded to negotiate Kerberos first, reducing instances on NTLM usage.

The solutions to these pain points will be available in the second half of 2026 for devices running Windows Server 2025 or Windows 11, version 24H2 and later.

Phase 3: NTLM disabled by default

In the next major Windows Server release and associated Windows client releases:

• Network NTLM will be disabled by default.
• NTLM usage will require explicit re-enablement through new policy controls.
• Support for handling NTLM only cases will be built-in, reducing application breakage. Examples include accessing targets with unknown SPNs, authentication requests made using IP addresses, local accounts on domain joined machines, and new NTLM blocking policies.

But what does ‘NTLM disabled by default’ really mean?

Disabling NTLM by default does not mean completely removing NTLM from Windows yet. Instead, it means that Windows will be delivered in a secure-by-default state where network NTLM authentication is blocked and no longer used automatically. The OS will prefer modern, more secure Kerberos-based alternatives. At the same time, common legacy scenarios will be addressed through new upcoming capabilities such as Local KDC and IAKerb (pre-release).

Note: While Microsoft continues to work toward NTLM-independent Windows, during phase 3, NTLM will remain present in the OS and can be explicitly re-enabled via policy if you still need it. This approach balances meaningful security improvements while maintaining a supported and phased transition as you move away from NTLM.

Our commitment to a secure, compatible transition

Disabling NTLM represents a major evolution in Windows authentication, and a critical step toward a passwordless, phishing resistant future. That is why we are committed to providing clear communication of timelines and expectations, and a phased transition with opt-in/opt-out controls.

Our phased roadmap is designed to give every organization clear, predictable steps to prepare for default NTLM disablement in Windows. If your organization is beginning or accelerating its NTLM reduction efforts, now is the right time to engage your identity, security, and application owners to take concrete steps:

1. Deploy enhanced NTLM auditing to identify where NTLM is still used.
2. Map dependencies across applications and services, and prioritize remediation. This may include reaching out to application developers to update critical applications.
3. Migrate and validate that critical workloads succeed with Kerberos. The capabilities that will be released in the second half of 2026 will significantly expand the scenarios where you can use Kerberos successfully.
4. Begin testing NTLM-off configurations in non-production environments.
5. Enable Kerberos upgrades as they become available through the Windows Insider Program, and then more broadly later this calendar year.

These actions will help you surface gaps early and prepare for NTLM being disabled by default and ultimately removed in future Windows releases.

We will continue to publish updated documentation, migration guides, and scenario specific instructions as new capabilities enter flighting or reach general availability later this calendar year. If you discover unique or hard-to-mitigate scenarios where NTLM is still being used, please reach out to ntlm@micorosft.com. These insights help us validate edge cases and ensure our features fully support real-world environments.

---

Securing the present, innovating for the future

Security is a shared responsibility. Through collaboration across hardware and software ecosystems, we can build more resilient systems secure by design, by default and during runtime, from Windows to the cloud, enabling trust at every layer of the digital experience.

Learn how to stay secure with Windows. Check out the updated Windows 11 Security Book and Windows Server Security Book, more about Windows 11, Windows Server, Windows hotpatch updates and Copilot+ PCs. To learn more about Microsoft Security Solutions, visit our website.

Bookmark the Microsoft Security Blog to keep up with our expert coverage on security matters. You can also follow Microsoft Security on LinkedIn and @MSFTSecurity on X for the latest news and updates on cybersecurity.

Going to RSA? We’re recording short, 15-minute Microsoft Security podcast conversations live at the conference- focused on real-world practitioner experience. No pitches, no slides, no marketing. Just an honest conversation about what you’re seeing, what’s changed, and what you’d tell a peer. If you’re doing the work and want to share your perspective, we’d love to hear from you.

 

Take the survey to let us know you are interested here!

 

2026-01-29

• Compaction messages show clearer command hints to view checkpoint summaries
• Press Ctrl+X then / to run slash commands without losing your input
• Improve /diff command with better visual indicators and scroll acceleration
• Add /allow-all and /yolo commands to auto-approve all permissions during a session
• Add Copilot option for agent creation wizard to generate name, description, and instructions based on initial agent description
• Add LSP (Language Server Protocol) tool for code intelligence (requires staff flag)
• Sessions get AI-generated names from first message
• Skills remain effective after conversation history is compacted
• /usage now includes token consumption from sub-agents (e.g., the general-purpose agent)
• Support .claude/commands/ single-file commands as simpler alternative to skills
• Skills load correctly on Windows
• Add /diff command to review session changes
• Undo/rewind to previous states with double-Esc