Appendix eA – Configuring Authentication Service On Microsoft Windows 10

Windows authentication is not appropriate for use in an Internet environment, because that environment does not require or encrypt user credentials. The default setting for Windows authentication is Negotiate. This setting means that the client can select the appropriate security support provider. To force NTLM authentication, you must change the value of the ,Provider. element under the ,windowsAuthentication. element in the ApplicationHost.config file [1].