mvduin, I misworded my original reply; I didn't try to mislead. You are correct, mDNS is a peer-to-peer name resolution protocol, hence the security problems 🙂 I probably should have worded it as: if the functionality is still required between domain-joined hosts... I do ponder your thoughts on filtering out mDNS return packets with the QR bit set to 1 (mDNS responses) from unauthenticated sources; this could mitigate security issues with mDNS for enterprise use. That is in cases where it is still required, or else I would elect to just block it or turn it off. I'm not sure if the Connection Security Rules in Windows Defender Firewall with Advanced Security MMC will allow that granular filtering. When I get some time I'll have to test it in a lab. Thank you for the idea.
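
The QR-bit filter discussed in the post above, sketched as an added example that is not part of the original post: it reads the DNS header flags from a UDP 5353 payload and drops responses (QR = 1) from sources outside an allowed set. The function names, the `authenticated_peers` set (a stand-in for whatever source authentication the firewall provides) and the sample packets are assumptions constructed for illustration.

```python
import struct

MDNS_PORT = 5353
QR_MASK = 0x8000   # top bit of the 16-bit DNS flags field: 0 = query, 1 = response
DNS_HEADER_LEN = 12


def is_mdns_response(payload: bytes) -> bool:
    """Return True if the DNS header in this UDP payload has QR = 1."""
    if len(payload) < DNS_HEADER_LEN:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!HH", payload[:4])
    return bool(flags & QR_MASK)


def decide(src_ip: str, dst_port: int, payload: bytes, authenticated_peers: set) -> str:
    """Return 'allow' or 'drop' for one inbound UDP datagram.

    authenticated_peers is a hypothetical set of source addresses the host
    already trusts; how that trust is established is outside this sketch.
    """
    if dst_port != MDNS_PORT:
        return "allow"            # not mDNS, out of scope for this filter
    try:
        response = is_mdns_response(payload)
    except ValueError:
        return "drop"             # malformed mDNS traffic fails closed
    if response and src_ip not in authenticated_peers:
        return "drop"             # answer from a source we cannot vouch for
    return "allow"                # queries, and answers from trusted peers


def build_header(response: bool, qdcount: int = 0, ancount: int = 0) -> bytes:
    """Construct a bare 12-byte DNS header (sample data for the checks below)."""
    flags = 0x8400 if response else 0x0000   # 0x8400 = QR + AA, usual for mDNS answers
    return struct.pack("!HHHHHH", 0, flags, qdcount, ancount, 0, 0)


if __name__ == "__main__":
    peers = {"10.0.0.5"}                      # constructed address
    samples = [
        ("10.0.0.5", build_header(True, ancount=1)),
        ("10.0.0.99", build_header(True, ancount=1)),
        ("10.0.0.99", build_header(False, qdcount=1)),
        ("10.0.0.99", b"\x00\x00\x84"),       # truncated header
    ]
    for src, pkt in samples:
        print(src, pkt.hex(), decide(src, MDNS_PORT, pkt, peers))
```

Queries stay allowed in this sketch because only inbound answers are acted on by the resolver; whether a given host firewall can express a match on the flags field still has to be confirmed in a lab.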