Microsoft Active Directory authentication protocol
All Schannel protocols use a client and server model. In addition to authentication, the NTLM protocol optionally provides for session security--specifically message integrity and confidentiality through signing and sealing functions in NTLM.
Leverage multifactor authentication: Smart card support, Biometric support. Smart cards are a tamper-resistant and portable way to provide security solutions for tasks such as client authentication, logging on to domains, code signing, and securing e-mail.
Biometrics relies on measuring an unchanging physical characteristic of a person to uniquely identify that person. Fingerprints are one of the most frequently used biometric characteristics, with millions of fingerprint biometric devices that are embedded in personal computers and peripherals. For additional resources, see Smart Card Technical Reference.
Provide local management, storage and reuse of credentials: Credentials management, Local Security Authority, Passwords. Credential management in Windows ensures that credentials are stored securely.
Credentials are collected on the Secure Desktop for local or domain access, through apps or through websites so that the correct credentials are presented every time a resource is accessed.
Extend modern authentication protection to legacy systems: Extended Protection for Authentication. This feature enhances the protection and handling of credentials when authenticating network connections by using Integrated Windows Authentication (IWA).
Software requirements
Windows Authentication is designed to be compatible with previous versions of the Windows operating system. However, improvements with each release are not necessarily applicable to previous versions. Refer to documentation about specific features for more information.
Many authentication features can be configured using Group Policy, which can be installed using Server Manager.
Windows Active Directory (AD) authentication protocols authenticate users, computers, and services in AD, and enable authorized users and services to access resources securely. LM is among the oldest authentication protocols used by Microsoft. However, its hashes were relatively easy to crack.
By capturing hashes and cracking them to obtain account logon credentials, attackers could easily authenticate to other systems on the network. It enhanced the security of NTLM by adding the ability for a server to authenticate to a client. Kerberos authentication is a vast improvement over the previous technologies.
This documentation is covered by Microsoft copyrights.