Client Management Suite

  • 1.  LDAP channel binding changes coming (from Microsoft)

    Trusted Advisor
    Posted Dec 03, 2019 12:05 PM

    "Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes and anticipate this update will be available in mid-January 2020."

    If we use a System configuration task to bind to AD, is it doing the LDAP bind over SSL? 

    Can anyone clarify if these new security measures on domain controllers (enforced with new win update) will break our binding during imaging process (via system config)?  What about technician access to the console?


    https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

     

    I asked support for clarification, will report back if I get it.



  • 2.  RE: LDAP channel binding changes coming (from Microsoft)

    Trusted Advisor
    Posted Dec 09, 2019 09:17 AM

    I don't think support really understands the changes that Microsoft is implementing, so it remains to be seen if anything will break. YOLO I guess for me on this one.



  • 3.  RE: LDAP channel binding changes coming (from Microsoft)

    Posted Dec 15, 2019 02:44 AM

    I activated logging for the LDAP signing part, as explained by MS, in 2 environments running ITMS. In both environments we have 2889 events about LDAP binding without requesting signing, but none are related to ITMS, so it looks like it won't cause any issues.

    In 1 environment I will be able to force it manually in the next 2 weeks, as I have only 1 source to fix. I will post results regarding ITMS once I'm able to (if somebody else doesn't reply earlier ;))
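
The check described in the post above, as an added example that is not part of the original post or of any Symantec or Microsoft tooling: group event 2889 records by client and flag any that come from ITMS servers. The server addresses and the sample records are constructed placeholders, and the function names are hypothetical.

```powershell
# Added example. Summarises event 2889 by client and flags ITMS servers.
# $ItmsHosts values are placeholders (assumption): use your own server addresses.

function ConvertFrom-Event2889 {
    # Event 2889 data fields, in order: "client IP:port", identity, binding type.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $client = [string]$Record.Properties[0].Value
        $colon  = $client.LastIndexOf(':')          # last colon also works for IPv6
        [pscustomobject]@{
            ClientIP = if ($colon -lt 0) { $client } else { $client.Substring(0, $colon) }
            Identity = [string]$Record.Properties[1].Value
            BindType = [string]$Record.Properties[2].Value   # raw value as logged
        }
    }
}

function Get-UnsignedBindSummary {
    param([object[]] $Events, [string[]] $ItmsHosts)
    $Events | ConvertFrom-Event2889 |
        Group-Object ClientIP, Identity, BindType |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                ClientIP = $first.ClientIP
                Identity = $first.Identity
                BindType = $first.BindType
                Count    = $_.Count
                IsItms   = $ItmsHosts -contains $first.ClientIP
            }
        } | Sort-Object Count -Descending
}

# Constructed sample records shaped like Get-WinEvent output (not real log data).
function New-SampleEvent($Client, $Identity, $BindType) {
    $fields = $Client, $Identity, $BindType | ForEach-Object { [pscustomobject]@{ Value = $_ } }
    [pscustomobject]@{ Properties = @($fields) }
}
$sample = @(
    New-SampleEvent '192.0.2.10:50112' 'EXAMPLE\svc-scanner' 1
    New-SampleEvent '192.0.2.10:50140' 'EXAMPLE\svc-scanner' 1
    New-SampleEvent '192.0.2.25:61002' 'EXAMPLE\svc-print'   0
)
# On a domain controller, replace $sample with:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 }
Get-UnsignedBindSummary -Events $sample -ItmsHosts '192.0.2.50', '192.0.2.51' |
    Format-Table -AutoSize
```

Rows with IsItms set to True are the sources that would need fixing before signing is enforced; an output with none matches what the post reports.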



  • 4.  RE: LDAP channel binding changes coming (from Microsoft)