Use Windows authentication when you want clients to authenticate
using the NTLM or Kerberos protocols. The default authentication
configuration for IIS 7 enables Anonymous authentication only.
Windows authentication, which includes both NTLM and
Kerberos v5 authentication, is best suited for an intranet environment
for the following reasons:
Client computers and Web servers are in the same domain.
Administrators can make sure that every client browser is Internet Explorer 2.0 or later versions.
HTTP proxy connections, which are not supported by NTLM, are not required.
Kerberos v5 requires a connection to Active Directory, which is not feasible in an Internet environment