Guarding Against Vulnerability
While Microsoft issued a patch for the Zerologon flaw in August 2020, it's not clear if all the company's customers have applied it to their networks to address the vulnerability. So, Microsoft will begin enabling domain controller enforcement mode by default, according to the company alert. This will block vulnerable connections from non-compliant devices, Microsoft says. Domain controller enforcement mode requires that all Windows and non-Windows devices use secure [remote procedure call] with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.
Domain controllers respond to authentication requests and verify users on computer networks. By enabling enforcement mode, the domain controllers will not allow Netlogon connections from devices that lack secure remote procedure call protocols unless those device accounts have been specifically added via a gro
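The following PowerShell is an added defender's check, not code from the article or from Microsoft: it reads the Netlogon enforcement setting on a domain controller and summarizes the Netlogon events that record vulnerable secure-channel connections being allowed or denied. The registry value name (`FullSecureChannelProtection`), the event IDs 5827 through 5831, and the `NETLOGON` provider name are taken from Microsoft's published Zerologon guidance and are assumptions stated here rather than details from the page; it is meant to run with administrative rights on the domain controller itself.

```powershell
# Added example (not from the article): audit a domain controller's Zerologon enforcement posture.
# Assumptions: run on a DC as an administrator; registry value, provider name and event IDs follow
# Microsoft's Zerologon (CVE-2020-1472) guidance and are not taken from the article.

$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonEnforcementState {
    # FullSecureChannelProtection = 1 forces secure RPC for every Netlogon secure channel.
    # When the value is absent, the DC relies on the default for its patch level.
    $props = Get-ItemProperty -Path $NetlogonParams -ErrorAction SilentlyContinue
    $value = $props.FullSecureChannelProtection
    [pscustomobject]@{
        FullSecureChannelProtection = $value
        EnforcementExplicitlyOn     = ($value -eq 1)
        EnforcementExplicitlyOff    = ($value -eq 0)
        RelyingOnDefault            = ($null -eq $value)
    }
}

# What each Netlogon event ID means for enforcement (assumed from Microsoft's guidance).
$NetlogonEventMeaning = @{
    5827 = 'Denied: vulnerable connection from a machine account'
    5828 = 'Denied: vulnerable connection from a trust account'
    5829 = 'Allowed: vulnerable connection (enforcement not yet active)'
    5830 = 'Allowed by policy exception: machine account'
    5831 = 'Allowed by policy exception: trust account'
}

function Get-VulnerableNetlogonConnections {
    param([int]$Days = 7)
    # Pull the relevant Netlogon events from the System log for the given window.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = @($NetlogonEventMeaning.Keys)
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Meaning = $NetlogonEventMeaning[$_.Id]
            # First line of the message usually names the machine account involved.
            Message = ($_.Message -split "`n")[0].Trim()
        }
    }
}

# Report: is enforcement on, and which devices would break (5829) or are exempted (5830/5831)?
Get-NetlogonEnforcementState | Format-List
Get-VulnerableNetlogonConnections -Days 30 |
    Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } },
                  @{ n = 'Meaning'; e = { $NetlogonEventMeaning[[int]$_.Name] } },
                  Count |
    Format-Table -AutoSize
```

A domain controller that still logs 5829 events has devices that would be cut off once enforcement mode is on; those are the accounts an administrator either patches or, as the article notes, deliberately exempts, and 5830/5831 events show which exemptions are actually being exercised.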