:
The behavior of your domain controller changes based on the value assigned to this key: Description Disabled strongcertificatebindingenforcement registry key
– The KDC reads the certificate’s:
Microsoft has implemented a phased rollout for this enforcement: : The behavior of your domain controller changes
If enabled without testing, this setting can break legitimate authentication flows. For example: strongcertificatebindingenforcement registry key