Microsoft deprecates password payload in MPR notifications starting in Windows 11 24H2

Feature: NPLogonNotify and NPPasswordChangeNotify APIs

Details and mitigation: Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in NPLogonNotify and NPPasswordChangeNotify APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the EnableMPRNotifications policy to enabled.

Deprecation announced: March 2024


Since Microsoft likes to use initialisms without explaining them, the Multiple Provider Router (MPR) is the component that handles communication between Windows and the various network providers that are installed. Network providers are libraries (DLLs) that allow communication to other types of networks. These network providers can also act as credential managers, so they can receive a copy of the user's credentials. Slipping a rogue network provider (e.g., NPPSpy) into the mix could leak your credentials.

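A defender's check for what the reply above describes, as an added example that is not part of the original thread: it lists every network provider registered with MPR, the DLL each one loads and that DLL's signature status, so an unexpected entry stands out. The provider keys are the standard NetworkProvider registry locations; the `EnableMPR` policy value name is an assumption to confirm against your WinLogon.admx.

```powershell
# Added example (not from the thread): audit the network providers MPR will load.
$OrderKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumption: registry location and value name behind the EnableMPRNotifications
# policy; confirm against WinLogon.admx on your build before relying on it.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'EnableMPR'

function Get-NetworkProviderAudit {
    # ProviderOrder is a comma-separated list of service names, in call order.
    $order = (Get-ItemProperty -Path $OrderKey -Name ProviderOrder).ProviderOrder
    $names = $order -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($name in $names) {
        # Each provider registers its DLL under Services\<name>\NetworkProvider.
        $npKey  = Join-Path $ServiceKey "$name\NetworkProvider"
        $np     = Get-ItemProperty -Path $npKey -ErrorAction SilentlyContinue
        $dll    = if ($np -and $np.ProviderPath) {
                      [Environment]::ExpandEnvironmentVariables($np.ProviderPath)
                  }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $dll }
        [pscustomobject]@{
            Provider  = $name
            Dll       = $dll
            DllExists = $exists
            # Triage signal only: review anything that is not 'Valid'.
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        }
        }
    }
}

function Get-MprPasswordPolicy {
    # Absent value means the policy is not configured (off by default on 24H2).
    $p = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $p)              { 'NotConfigured' }
    elseif ($p.$PolicyName -eq 1)  { 'Enabled (password included in MPR notifications)' }
    else                           { 'Disabled' }
}

Get-NetworkProviderAudit | Format-Table -AutoSize -Wrap
"EnableMPRNotifications policy: $(Get-MprPasswordPolicy)"
```

Compare the output against a known-good baseline for the same Windows build; a provider whose DLL is missing, unsigned, or signed by an unfamiliar publisher deserves a closer look.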