Microsoft intends to release a security update to enable LDAP channel binding and LDAP signing hardening changes. This update was set to be available on March 10,2020. After the hardening changes, Microsoft Active Directory server will reject LDAP simple binds.
To accommodate this security update, the Access Method should be set to “Username/Password LDAPS or Username/Password StartTLS” Below are the steps on how to configure this:
Active Directory Computer Synchronization
- Log in to Vulnerability Protection Manager.
- Go to the Computers tab.
- Click New and select "Add Directory".
- Fill in the text boxes and under Access Method, select “Username/Password LDAPS" or "Username/Password StartTLS”.
- Click Next and follow the succeeding steps.
Active Directory User Synchronization
This only supports “Username/Password LDAPS” or “Username/Password StartTLS”. There is no need to make any changes on this one to accommodate the security update.
For any concerns, contact Trend Micro Technical Support.