Limitations

  1. Transparent identification does not authenticate; for example, it does not do password checking. It relies on the customer site having secure NT or Active Directory domains set up, along with physical security to stop unauthorized access to the company network or the users’ computers.
    Note: Although NTLM Identification works with Windows workgroups, it is not a recommended solution if you are concerned about security and correctly identifying end users.
  2. You cannot use transparent identification for remote users. Remote users must be registered and must log on using their email addresses.
  3. Users of non-Windows systems in a transparent identification policy still have to log on manually.
  4. Many proxies do not pass NTLM challenges, so if you have a chained proxy deployment, you should check this. Microsoft ISA/TMG Server and Blue Coat ProxySG do support NTLM pass-through.
  5. A browser that supports NTLM but is operating in a non-Windows environment (e.g., Firefox on a Linux platform), may exhibit strange behavior and may not work with a cloud policy that is configured to use NTLM. Where possible, we attempt to identify such browsers by user agent type and send an authentication request rather than an NTLM challenge.
  6. The existing Welcome page is not shown to users of NTLM-capable browsers in a transparent identification policy.