Hello everyone, in my domain I would like to disable NTLM authentication.
Before disabling it completely, I wanted to do an audit to see if any applications or servers were still using it.
It would be nice to be able to make an OsQuery from livediscover, I haven't found anything in the community, does anyone have a query that extracts the 4624 events where the package name is NTLMv* ?