Weekly Tech Tidbit – If you woke up and LDAP authentication were dead, what would you do?

Weekly Tech Tidbit – If you woke up and LDAP authentication were dead, what would you do?

Microsoft has announced they are tightening the security standards for LDAP communications on Microsoft Active Directory networks.  This has huge implications as there are so many things in a typical school district's use that require some form of LDAP communication.

Originally Microsoft said they were sending this update out in January via Windows Updates.  Network managers worldwide strongly pushed back that they couldn't reconfigure their networks in time.   Microsoft announced it was changing its mind and releasing the update out in March.   The push back continued.  Microsoft has once again changed its mind and now says it will push the update out in the second half of 2020.

Regardless of the date there are a number of steps that *all* of you must do to assess, update and prepare your networks for these major changes.

If you came to our January technical meetings, Evan provided a nice outline of the steps you must accomplish prior to the release.  (If you were not there, you missed a lot).

Here are the high spots:

  • Assess your network for exactly what does LDAP and what is required for those vendors to support the new LDAP standards.
  • Assess your network for certificate delivery.
  • Make the required application and network design changes.
  • Turn on the new, more secure LDAP protocol once it becomes available.

There is a whole lot to unpack underneath those four bullets.  It will take time.  If you allow direct Windows Updates to servers and workstations, you are under even greater pressure to get this properly done before your network melts down.

You can read about Microsoft's changes here:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

You need to get out front of this.  We are happy to work with you to help you figure out what needs to be done and then implement the changes.

Give us a call and let's talk about what your next steps are.