Hello,
Thank you so much for posting here.
Deploy the August 11th updates to all applicable domain controllers (DCs) in the forest, including read-only domain controllers (RODCs). After deploying this update patched DCs will:
Log event IDs 5827 and 5828 in the System event log, if connections are denied.
By default, supported versions of Windows that have been fully updated should not be using vulnerable Netlogon secure channel connections. If an event ID 5827 is logged in the system event log for a Windows device:
1.Confirm that the device is running a supported versions of Windows.
2.Ensure the device is fully updated from Windows Update.
3.Check to ensure that Domain member: Digitally encrypt or sign secure channel data (always) is set to Enabled in a GPO linked to the OU for all your DCs, such as the default domain controllers GPO.
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.