Microsoft will be pushing a security update scheduled for March 2020 to enforce LDAP channel binding and LDAP signing on Active Directory servers by default.
Does this impact AD authentications via SPS in any way?
With regard to LDAP authentication in SPS, there are two locations that need to be verified.
AD authentication will continue to work after the mentioned LDAP changes as long as SPS uses either TLS or STARTTLS for the LDAP connection.
Please make sure that Encryption is NOT set to Disabled in either location.
1. For Web UI LDAP authentications:
- Select AAA > Settings > Authentication Settings
- User Database > LDAP > Encryption > this must be set to either TLS (with port 636) or STARTTLS (with port 389)
2. For Connection Policies using AD authentications:
- Select Policies > LDAP Servers > Encryption > this must be set to either TLS (with port 636) or STARTTLS (with port 389)
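Added example (not part of the original article or the SPS product): a small Python checker that validates an SPS-style LDAP setting against the rule above and, using the ldap3 library, performs the same simple bind SPS would perform so you can confirm it still succeeds against a hardened domain controller. The host, bind DN and password are placeholders you supply; the result-code mapping follows Microsoft's documented behaviour (result 8 strongerAuthRequired when signing is enforced, result 49 with data 80090346 on a channel-binding mismatch).

```python
"""Check that an SPS LDAP setting survives LDAP signing / channel binding enforcement."""
import ssl

# A DC that enforces LDAP signing answers an unsigned, unencrypted simple bind with
# result code 8 (strongerAuthRequired). A channel-binding failure is reported as
# result 49 (invalidCredentials) whose diagnostic message carries data 80090346.
SIGNING_REQUIRED_CODE = 8
CHANNEL_BINDING_DATA = "80090346"


def classify_bind_result(result_code, diagnostic):
    """Translate an LDAP bind result into the cause an SPS admin cares about."""
    if result_code == 0:
        return "ok"
    if result_code == SIGNING_REQUIRED_CODE:
        return "rejected: LDAP signing required, set Encryption to TLS or STARTTLS"
    if result_code == 49 and CHANNEL_BINDING_DATA in (diagnostic or ""):
        return "rejected: channel binding mismatch (TLS must be used end to end)"
    return f"failed: LDAP result {result_code}"


def check_sps_setting(encryption, port):
    """Validate the Encryption/port pair as described for both SPS locations."""
    mode = (encryption or "").strip().lower()
    if mode == "disabled":
        return False, "Encryption must not be Disabled"
    if mode == "tls":
        return port == 636, "TLS uses port 636"
    if mode == "starttls":
        return port == 389, "STARTTLS uses port 389"
    return False, f"unknown encryption mode {encryption!r}"


def check_bind(host, encryption, port, bind_dn, password):
    """Bind exactly as SPS would with this setting and classify the outcome (needs ldap3)."""
    from ldap3 import Connection, Server, Tls  # imported lazily so the offline checks need no ldap3

    mode = encryption.strip().lower()
    tls = Tls(validate=ssl.CERT_REQUIRED)  # hypothetical: validate the DC certificate
    server = Server(host, port=port, use_ssl=(mode == "tls"), tls=tls)
    conn = Connection(server, user=bind_dn, password=password, raise_exceptions=False)
    if mode == "starttls":
        conn.open()
        conn.start_tls()  # upgrade the port 389 connection before the bind
    conn.bind()
    return classify_bind_result(conn.result["result"], conn.result.get("message", ""))


if __name__ == "__main__":
    print(check_sps_setting("STARTTLS", 389))
    # check_bind("dc1.example.internal", "STARTTLS", 389, "CN=sps,OU=svc,DC=example,DC=internal", "***")
```

Run `check_bind` with Encryption set to Disabled first to confirm the DC now rejects the clear-text bind, then with TLS or STARTTLS to confirm the setting SPS will use still works.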