Hi @Andreas ,
It is not mandatory to do, only strongly suggested, also according to Microsoft's assessment on the CVE-2021-42287, the exploitation is considered "less likely", so it's not something I would worry about as it will also be automatically patched in the future.
But if you do choose to proceed with the enforcement, then yes, you will have to create the registry key (DWORD) PacRequestorEnforcement
with the value of 2 under the location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc.
----------
If the reply was helpful please don't forget to upvote
and/or accept as answer
, thank you!
Best regards,
Leon