CHAPTER 1: THE DEATH NOTICE - NTLM is deprecated, and Windows is on a phased path toward NTLM disabled by default. Removal is the direction of travel. CHAPTER 2: THE BODY COUNT (TELEMETRY) - What the signals actually say about where NTLM is still hiding—and why it matters. CHAPTER 3: THE TRAPS - NTLM behavior today is the result of policies + auditing + exceptions + compatibility knobs. Most environments think they’re safe. They’re not. CHAPTER 4: THE HIT LIST - The failure patterns we keep seeing (unknown target, SPN issues, IP address targets), and where the right answer is visibility—not denial. CHAPTER 5: THE CLEAN EXIT - A practical playbook: audit → measure → prioritize → remediate → validate NTLM off. Lessons learned so far from the trenches, plus deep dive into upcoming Kerberos features that make NTLM truly unnecessary.