HCL is a partner of Microsoft, it would be great if you can sign Password Capture and sinchronization dll with developer certificate, that Microsoft might already issued you.
This will allow to use Password synchronization feature in LSA protected environments.
LSA is protecting servers from not running 3rd party code, including expoloits.
Partner enroll and Signing process is not complicated, this must be done, especially if Classified customers (and we assume who use LSA Protection) use Domino.
The Active Directory password synchronization password filter is not digitally signed by Microsoft and does not run on domain controllers that are running with LSA protection enabled.
Also NSDProxy64.exe https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092529 that help to extract files from NSD must also be signed. If global policy is set not to run UNKNOWN files, Domino admins cant get NSD files from workstations. as result, they see crashes, but cant correlate them, they cant differ one cresh from another. Here is a instruction from Microsoft how to do signing...
Microsoft or MacOS out of the box, should see that code comes from HCL, and it may not harm users, thus all 100% of Notes functionality will work. We cant rely or ask customers to lower security to get all Notes features to work.