Hi Community,
On March 10th, 2020 Microsoft recommends moving to LDAP channel binding and LDAP signing to avoid replay attacks on the LDAP communication. After the hardening changes are done, Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification) will be rejected by Active Directory domain controllers.
Please refer to our latest KBA to follow this in Sophos XG:
You can also check Microsoft Support's article here to learn more about this change.
This thread was automatically locked due to age.