For cybersecurity professionals, it’s generally accepted that unsigned SMB networking & inbound NTLM authentication need to be eliminated from everyone’s networks. Both are too unsafe to be allowed to exist.
The problem for cybersecurity professionals however has been that explaining the threat – relay attacks, Actor in the Middle, Pass the Hash, etc. – has been too difficult for decision makers in digest. Even telling them that this is a fundamental ransomware threat hasn’t been enough to take action – leaving you, the security pro responsible, biting your nails on the sideline.
So we’ll be making the decision for them.
NEW SECURITY DEFAULTS FOR SMB & NTLM
Microsoft will be making SMB signing mandatory by default & we are removing and replacing NTLM by default. Both of these coming actions are officially public – see links below.
If you’re in cybersecurity & have leadership that hasn’t prioritized this for your organization, let them know that your organization can either preemptively test & disable unsigned SMB networking & inbound NTLM authentication now… or they can wait for Microsoft to do it for them. 
kurtsh
Kurt Shintaku's Blog 