# Setup Secure LDAP for Microsoft Entra ID Domain Service

{% hint style="success" %}
By following the steps below, you'll enable secure LDAP on Microsoft Entra ID and configure the required firewall rules and roles, ensuring secure and seamless authentication for your EnGenius Access Points.
{% endhint %}

### **To get started:**

1. Sign in to the Microsoft Azure Admin console.
   * Navigate to [**portal.azure.com**](https://portal.azure.com/) and sign in with your credentials.
2. Enable the Microsoft Entra ID Secure LDAP Server.
   * Follow the instructions provided in the [Microsoft Entra ID documentation](https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-ldaps) to enable the secure LDAP server.
3. **(Optional)** Configure an appropriate role for verifying user credentials.
   * Specify a role that can read keys and values so that the AP can verify users.
   * For more information on Microsoft Entra built-in roles, see <https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference>.
4. Create a firewall rule that allows the AP to query your Microsoft Entra ID Secure LDAP Server.
   * Ensure the rule allows outgoing TCP traffic to port 636 of hostname **`ldaps.aaddscontoso.com`** (hostname and port from step 1).
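
To confirm that the firewall rule and the secure LDAP certificate work together, the following check can be run from a host on the same network as the APs. It is an added example, not code from EnGenius or Microsoft; the function name `check_ldaps`, its status strings and the optional `cafile` parameter are assumptions, and the hostname is the one used on this page.

```python
import socket
import ssl


def check_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Probe an LDAPS endpoint and return (status, detail).

    status is one of (names chosen for this example):
      "unreachable"  - DNS or TCP connect failed: check the firewall rule
      "cert_invalid" - chain, expiry or hostname verification failed
      "tls_failed"   - port is open but no TLS handshake completed
      "ok"           - TLS established with a verified certificate
    """
    # Stage 1: plain TCP connect to the secure LDAP port.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)

    # Stage 2: TLS handshake with chain and hostname verification enabled.
    # Pass cafile when the certificate comes from a private CA or is
    # self-signed; never disable verification to make the check pass.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            detail = f"{tls.version()}, certificate expires {cert['notAfter']}"
            return "ok", detail
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_failed", str(exc)


if __name__ == "__main__":
    # Hostname from this page; replace with your managed domain's LDAPS name.
    status, detail = check_ldaps("ldaps.aaddscontoso.com")
    print(f"{status}: {detail}")
```

A result of `unreachable` points at the firewall rule or DNS, while `cert_invalid` points at the certificate configured when secure LDAP was enabled.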
