I agree with the indications of other colleagues and would add:
As they have already stated, Integrated Windows Authentication (IWA) is deprecated; don't use it.
https://blogs.vmware.com/vsphere/2020/05/vsphere-7-integrated-windows-authentication-iwa-ldap.html
If you use Active Directory as the identity source for vCenter Server, you should plan to enable LDAPS. For more information about this security update from Microsoft, see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190023 and https://blogs.vmware.com/vsphere/2020/01/microsoft-ldap-vsphere-channel-binding-signing-adv190023.html.
From a security perspective, we use DUO to have 2FA.
I hope that helps.