In the Azure Portal, search for Domain Services and select Azure AD Domain Services from the search result
Choose the managed domain and select the Secure LDAP option on the left-hand side of the Azure AD DS window
By default, Secure LDAP access to your managed domain is disabled. Toggle the Secure LDAP option to Enable - when public secure LDAP access is enabled, your domain is vulnerable to password attacks over the internet. In the next step, a network security group is configured to lock down access to only the required source IP address ranges
Toggle the Allow secure LDAP access over the internet option to Enable
Select the folder icon next to the .PFX file with secure LDAP certificate. Browse to the .PFX file path, then select the certificate you had before. Enter the password to decrypt the .PFX file set in the step where the certificate was exported to a .PFX file
Select Save to enable secure LDAP