2.6.1 BETA ---------- * Released December 21, 2025 * (Feature merge parity with 2.5.29) * Support for ARM64 CPU workstations has been added in 2.6 branch. * Drops support for installing on server 2016, and Windows 10 older builds than 1703. * New .NET framework minimum required: 4.7.2. * Refactored many internals to use modern C++ features to improve efficiency and reduce kernel context switches for synchronization. * Switch from comparing RevisionNumber to tracking a hash of settings, improves efficiency and avoids synchronization errors wher changes get missed due to simultaneous changes of different settings from different locations. * Added support to permit logons originating through Entra's "Cloud Kerberos Trust" to be regarded as 2-factor sessions. To use, select Logon Settings items "Treat Cloud Kerberos Trust Logons as 2-Factor Authentication", as well as "Treat Certificate Logons as 2-Factor Authentication" (Windows Hello-for-Business cached logons at workstations are seen as Certificate logons). * Permit caching of OTP lookups initiated by LDAP (performance improvement). * ServiceCacheMessageExtra defaults to "true" for new installs; save repeating redundant operations whose answers are already known. * ShortCircuitBoringNTLM defaults to "true" for new installs; omit a lot of needless processing and logging of NTLM logons that don't involve new OTP validations. * Computer Name Tracking has been completely re-implemented. It used to watch for computer$ account logons and record the IP address for every computer in the domain. This process required a lot of extra DC processing, had to track every computer in the environment, and had accuracy problems with VPN NAT and RODCs. The new process tracks only the computer accounts that could be relevant based on the current settings, and uses forward DNS to gather their IP addresses rather than collecting empirical computer account logons. It should be massively more efficient without losing any efficacy. * Remove very old Forced 2-Factor Computers -> "Treat all unknown machines as if they were in this list" setting, as mostly nobody uses it, and those who do don't use it correctly. (A better outcome is acheived by IP address range instead). And the old feature can no longer work at all since we have stopped attempting to track every domain computer's IP address, per above point. 2.5.x and earlier: see separate change logs