LDAPS / LDAP signing

We currently use LDAP (/adirectory) over port 389 with our domain controller for the recipient verification filter in the SMTP module. Since Microsoft will start enforcing LDAP signing in March, I've created a new authentication server entry with port 636 and SSL:


I also imported the CA certificate from our domain controller (which doubles as an internal CA):

The server test passes, but when I switch to the new configuration, mails don't get rejected anymore. From this thread I've gathered that it was still a known issue in 2016:

I was gonna check if it's still an issue but the page for LDAP (under "Sophos UTM 9 > Authentication > LDAP") is not there:

Info about MS patch: