According to Microsoft, NTLM authentication must be deactivated in addition to the update in order to completely close the security gap in the AD Connect Client:
Deny use of NTLM authentication with the AADConnect server. Here are some ways to do this: Restricting NTLM on the AADConnect Server and Restricting NTLM on a domain
Information for Azure Active Directory Connect can be found under Prerequisites for Azure AD Connect
For information on the Azure Active Directory Connect provisioning agent, see Prerequisites for Azure AD Connect Cloud Synchronization
