Hey Tom_S
Zero Trust Architecture states you can't trust the network because there's no perimeter anymore,
That's correct, and when deploying Windows within a ZT environment, multicast name resolution simply shouldn't be used at all, end of story. There aren't any realistic ways for anyone to make multicast name resolution ZT friendly given its nature (crowd-sourced answer seeking, essentially). With mDNS/LLMNR/NetBIOS name resolution disabled, all queries will go over the configured unicast servers.
As for the policy of apps, that's beyond our team's scope, but I'll point out that Edge already brings its own policy that can be used to force it to always use the system DNS resolver, as does every other major browser I know of.
When admins configure their apps and limit software installations to ensure the system resolver is always used, I believe our existing logs will give you what you're looking for, which is also a data source for products such as Defender.
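As an added illustration of the configuration described in this reply (example script written for this page, not code from the original post or from Microsoft), the following PowerShell audits the three multicast/broadcast name-resolution paths on a Windows host and, with `-Enforce`, switches them off so every lookup goes to the configured unicast DNS servers. The registry locations are the ones backing the "Turn off multicast name resolution" policy (LLMNR) and the DNS Client service's mDNS setting; NetBIOS over TCP/IP is set per adapter through WMI. The `-Enforce` switch and the output table layout are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (default) or enforce (-Enforce) unicast-only name resolution
# by disabling LLMNR, mDNS and NetBIOS over TCP/IP. Run it on a test host first and
# deploy the same settings via GPO/Intune for fleet-wide, policy-backed enforcement.
param(
    [switch]$Enforce   # without -Enforce the script only reports the current state
)

# Registry value behind the "Turn off multicast name resolution" policy (LLMNR). 0 = off.
$LlmnrKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$LlmnrValue = 'EnableMulticast'

# DNS Client service parameter that disables the built-in mDNS responder/resolver. 0 = off.
$MdnsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$MdnsValue  = 'EnableMDNS'

function Get-DwordOrNull {
    # Returns the DWORD, or $null when the value is absent (absent = Windows default = enabled).
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Set-Dword {
    param([string]$Path, [string]$Name, [int]$Data)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Data -Force | Out-Null
}

function Describe-Dword {
    param($Value)
    if ($null -eq $Value) { 'absent (default: enabled)' } else { $Value }
}

$findings = @()

# --- LLMNR ---
$llmnr = Get-DwordOrNull -Path $LlmnrKey -Name $LlmnrValue
$findings += [pscustomobject]@{
    Control   = 'LLMNR'
    Current   = Describe-Dword $llmnr
    Compliant = ($llmnr -eq 0)
}
if ($Enforce -and $llmnr -ne 0) { Set-Dword -Path $LlmnrKey -Name $LlmnrValue -Data 0 }

# --- mDNS ---
$mdns = Get-DwordOrNull -Path $MdnsKey -Name $MdnsValue
$findings += [pscustomobject]@{
    Control   = 'mDNS'
    Current   = Describe-Dword $mdns
    Compliant = ($mdns -eq 0)
}
if ($Enforce -and $mdns -ne 0) { Set-Dword -Path $MdnsKey -Name $MdnsValue -Data 0 }

# --- NetBIOS over TCP/IP, checked on every IP-enabled adapter ---
# TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled
$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $opt = $a.TcpipNetbiosOptions
    $findings += [pscustomobject]@{
        Control   = "NetBIOS ($($a.Description))"
        Current   = $opt
        Compliant = ($opt -eq 2)
    }
    if ($Enforce -and $opt -ne 2) {
        # SetTcpipNetbios returns 0 on success, 1 when a reboot is needed to apply
        Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios `
            -Arguments @{ TcpipNetbiosOptions = 2 } | Out-Null
    }
}

$findings | Format-Table -AutoSize

if ($Enforce) {
    Write-Host 'Settings written. Reboot the host so the DNS Client service picks up the LLMNR/mDNS changes.'
}
```

Run without arguments to get a compliance table you can feed into an inventory; run with `-Enforce` to remediate. Once these paths are closed, a name that no unicast server can resolve simply fails instead of being broadcast to the local segment, which is the behaviour the reply above is describing, and the host's DNS Client logs become a single, complete record of where lookups went.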