Hardening Windows: Security Foundations Developers Can Build On | OD859

Jason Fisher explains how Windows is tightening its security foundations and what developers should expect as legacy authentication is reduced, code trust requirements get stricter, and post-quantum cryptography is introduced into the platform.

Overview

This Microsoft Build 2026 session covers how Windows is raising baseline security by:

The session includes live demos and focuses on what is changing, how it can affect applications, and what developers and organizations should do to prepare.

Legacy reduction: moving away from NTLM

Why NTLM is being reduced

The presenters describe NTLM as a legacy authentication mechanism with known weaknesses and attack exposure, motivating a platform shift away from NTLM-based assumptions.

Transitioning to Kerberos

Windows is positioning Kerberos-based approaches as the replacement path, including:

These are presented as mechanisms to help replace NTLM scenarios and support transition planning.

Auditing and blocking policies

The session calls out organizational controls for managing the rollout:

Trusted code execution: stronger Windows defaults

Driver security modernization

Windows is tightening driver trust expectations, including enforcement tied to:

App trust controls

The session highlights Windows features intended to ensure only trusted/signed code runs:

These are framed as part of a broader move toward secure-by-default execution policies.

Post-quantum cryptography (PQC) in Windows

The presenters introduce Windows platform work to integrate PQC algorithms, including:

The goal is to prepare Windows and the ecosystem for a “post-quantum” future where cryptographic assumptions need to change.
