It seems like Traefik cannot handle NTLM properly, unless there are some hidden requirements. 
I've whipped up a quick config (with a bit of hackery to get things going on our internal network) and I'm essentially endlessly getting the NTLM login prompt from DevOps.
The config I'm testing with:
http:
middlewares:
limit:
buffering:
maxRequestBodyBytes: 20000000
routers:
to-devops:
rule: "Host(`devops.domain.local`)"
middlewares:
- limit
service: devops
entrypoints: websecure
tls:
certResolver: le
services:
devops:
loadBalancer:
serversTransport: devops-transport
servers:
- url: https://<our.public.devops.site>
serversTransports:
devops-transport:
disableHTTP2: true
insecureSkipVerify: true
Note that the DevOps server has also been configured (IIS) to handle devops.domain.local, and I've set up devops.domain.local in my own HOSTS file for testing...