Upcoming Microsoft LDAP Changes
March 2, 2020

This change is being implemented by Microsoft in the second half of calendar year 2020, and will improve the security of authentication requests to a Windows LDAP server (in most cases Domain Controllers), as well as reduce the likelihood of successful man-in-the-middle attacks.
If you do not use a secure, TLS-encrypted connection to Active Directory, you will be impacted. The change to require LDAP signing will cause any LDAP bind operations that are unsigned or performed over a clear text (non-SSL/TLS) connection to fail.
Administrators can prevent the feature update from making these changes either by enabling LDAP signing and channel binding NOW or by configuring non-default values prior to installing updates that enable LDAP signing and channel binding by default. However, in all cases, a reconfiguration of the LDAP connection settings on devices or software applications may be required.
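To find out which devices and applications would need reconfiguring, a domain controller can report its current signing and channel binding settings and list the clients that still bind unsigned or in clear text. The script below is an added example, not part of the original notice or of Microsoft's guidance text. The registry value names (`LDAPServerIntegrity`, `LdapEnforceChannelBinding`, `16 LDAP Interface Events`) and Directory Service event 2889 do not appear on this page, and the one-day look-back window is an assumption.

```powershell
# Added example: run in an elevated session on a domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

function Resolve-Setting($value, $map) {
    # Translate a registry value into a readable label; keep unknown values visible.
    if ($null -eq $value) { return 'not set (OS default applies)' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return "unrecognized value $value"
}

# 1. Current server-side policy for LDAP signing and channel binding.
$params = Get-ItemProperty -Path "$ntds\Parameters"
[pscustomobject]@{
    LdapSigning    = Resolve-Setting $params.LDAPServerIntegrity @{
                         1 = 'None (signing not required)'; 2 = 'Require signing' }
    ChannelBinding = Resolve-Setting $params.LdapEnforceChannelBinding @{
                         0 = 'Never'; 1 = 'When supported'; 2 = 'Always' }
} | Format-List

# 2. Event 2889 is only written per bind when LDAP interface logging is at level 2.
$diag = Get-ItemProperty -Path "$ntds\Diagnostics"
if ($diag.'16 LDAP Interface Events' -lt 2) {
    Write-Warning 'LDAP interface logging is below 2; event 2889 will not be recorded.'
    # To enable (assumption: you accept the extra log volume while auditing):
    # Set-ItemProperty "$ntds\Diagnostics" -Name '16 LDAP Interface Events' -Value 2
}

# 3. Inventory clients whose binds would fail once signing is required.
$since = (Get-Date).AddDays(-1)   # assumed look-back window
Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Id = 2889; StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $client = [string]$_.Properties[0].Value          # "address:port"
        [pscustomobject]@{
            ClientIP = $client.Substring(0, $client.LastIndexOf(':'))
            Account  = $_.Properties[1].Value
            BindType = if ($_.Properties[2].Value -eq 1) { 'Simple bind without TLS' }
                       else { 'Unsigned SASL bind' }
        }
    } |
    Group-Object ClientIP, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty result from step 3 only means something if logging was already at level 2 for the whole look-back window, so run the audit on every domain controller for long enough to cover infrequent jobs.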