If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven’t gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled.
You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
Read at the link below for instructions on how to enable NTLM auditing via Group Policy to elevate the effectiveness of your Microsoft Defender for Identity deployment.
- Microsoft Defender for Identity | Enable NTLM Auditing
https://azurecloudai.blog/2023/02/07/microsoft-defender-for-identity-enable-ntlm-auditing/
kurtsh
Kurt Shintaku's Blog 