Enabling secure LDAP (LDAPS) for an Azure AD DS managed domain
In an on-prem AD environment, there can be applications or services that require integration with AD. With AD integration, the application can search for AD users, allow login, assign permissions, etc. This integration part is usually done using LDAP. By default, traffic over LDAP is not encrypted. Due to the vulnerabilities, Microsoft now recommends only using secure LDAP (LDAPS, LDAP over SSL) connections to DCs. In Chapter 15, I have demonstrated how we enable secure LDAP access with an on-prem DC. Azure AD DS also supports secure LDAP connections. Most of the time the LDAP connection to Azure AD DS will be initiated over the public internet. So, it is important to have encryption in place to prevent man-in-the-middle attacks.
In this section, I am going to demonstrate how to enable secure LDAP for Azure AD DS. Before we start, make sure you have the following prerequisites in place:
- A valid Azure subscription...
