Merge pull request #5826 from limwainstein/new-recommendations-ntlm

NTLM recommendation

Author: limwainstein

defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md

@@ -30,10 +30,12 @@ This article provides information about new features and important product updat
 
 ## December 2025
 
+- (Preview) **Microsoft Secure Score now includes new recommendations** to help organizations proactively prevent common endpoint attack techniques:
+  - **Disable Remote Registry service on Windows**: Prevents remote access to the Windows registry, reducing attack surface and blocking unauthorized configuration changes, privilege escalation, and lateral movement.
+  - **Disable NTLM authentication for Windows workstations**: Helps prevent credential theft and lateral movement attacks by removing support for an outdated and insecure protocol. New Technology LAN Manager (NTLM) can be exploited with techniques like Pass-the-Hash and NTLM relay, allowing attackers to bypass password complexity and compromise domains.
 - (GA) [CVE exceptions](tvm-exception-overview.md#types-of-exceptions) are now generally available, and also support:
     - The **False positive** justification. [Learn more](tvm-exception-overview.md#justification)
     - The `status` field as part of the response for the `GET /api/vulnerabilities` request. [Learn more](/defender-endpoint/api/get-all-vulnerabilities)
-- (Preview) Microsoft Secure Score now includes the **Disable Remote Registry service on Windows** recommendation. This recommendation prevents remote access to the Windows registry, reducing attack surface and blocking unauthorized configuration changes, privilege escalation, and lateral movement.
 
 ## November 2025