I'm reviewing the GPOs that run on the system. I've often noticed that my clients error about autoenrolment and I gather it was to do with encrypted comunications so I've ignored it. Anyhow I was looking at the Default Domain Controllers Policy and found the Digitally sign communications (always) and (if client agrees) are set to Disabled.

Does this have anything to do with auto enrolement? Should I enable this? what does it do and would I benefit from this?