Event details
Dive deep into Zero Trust DNS, a new security feature that enables enterprise IT administrators to natively enforce domain-name-based network access controls on their Windows endpoints. Learn how to deploy it using network shell (netsh) and get a recommended deployment plan to help you secure your Windows endpoints without impacting employee productivity.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, click Attend for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after the conclusion of the live event.
4 Comments
- Heather_Poulsen
Community Manager
Thanks for joining today’s session on “Zero Trust DNS: Securing Windows one connection at a time” at Microsoft Technical Takeoff. Q&A will remain open through Friday so keep your comments and questions coming! Up next: AMA: Secure and manage AI and agentic capabilities in Windows.
- Heather_Poulsen
Community Manager
Welcome to “Zero Trust DNS: Securing Windows one connection at a time” at Microsoft Technical Takeoff. Q&A is open now and throughout the week. Please post any questions or feedback here in the Comments. [Note: If your organization’s policies prevent you from seeing the video on this page, you can also tune in on LinkedIn.]
- C00kieMonster
Brass Contributor
Any issues or conflicts with Zscaler (ZIA, ZPA, and GRE tunnels), NAT64, DNS64, and/or IPv6-only networks?
- AditiPatange
Microsoft
Thanks for the question!
ZTDNS operates at the Windows Filtering Platform layer and enforces policy at connection time, before any application traffic is established. Because of this, it’s generally complementary to SSE solutions like Zscaler, as long as they support encrypted DNS and use the system resolver. Traffic to allowed destinations can be routed through GRE tunnels or proxies if the gateway is also resolved by the trusted resolver.
ZTDNS is also compatible with IPv6‑only environments, including NAT64/DNS64 deployments.