Unplanned Outage: Due to a technical glitch, customers might see higher wait times on Sophos Call Lines. We request for your kind cooperation. Please prefer logging a case via Sophos Support Portal, unless the situation is critical for you.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Latest KB's] Configure AD/LDAP authentication over SSL/TLS due to Microsoft's new recommendation

Hi Community,

On March 10th 2020 Microsoft recommends to move to LDAP channel binding and LDAP signing to avoid replay attacks on the LDAP communication.

After the hardening changes are done, Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification) will be rejected by Active Directory domain controllers.

Sophos Email Appliance supports LDAP authentication over SSL/TLS to avoid man-in-the-middle attacks.

Please refer to the below article for more information:

This thread was automatically locked due to age.