Enforcing secure LDAP in exchange server 2016

Hello guys,

I have a disjoint (not hybrid) exchange server 2016 cu 23  and AD server environment. How could I enforce or configure secure ldap in exchange server. As I can see in netstat and TCP connection in process monitoring (of exchange server) that normal ldap 389 port is being used by various exchange services.

If anyone knows kindly guide.