you don't tell us which browser(s) you are using to test NTLM SSO. The thing is NTLM SSO credential exchange is not attempted by default by any of the tier-1 browsers (IE/Edge, Chrome, Firefox). You need to explicitly configure them to send the credentials as part of the connection negotiation exchange (e.g., IE doesn't send the user credentials unless
the Moodle server is part of the 'trusted zone' or the 'intranet zone' the client browser security settings: https://moodle.org/mod/forum/discuss.php?d=80104#p416040).
If all your Moodle users are using Micrososft browsers from machines that are part of your Active Directory domain, you can use Group Policies to configure the needed settings automatically (see https://moodle.org/mod/forum/discuss.php?d=115726#p615067).
Otherwise, each user will need to configure their own browser following the browser documentation.
By the way, using SSL was not mandatory for NTLM SSO to work last time I checked (but that was on IE 8.x, so things might have changed), but it's still a very good idea