Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

New Blog Post | Updating best practices for Domain Controllers



Updating best practices for Domain Controllers - Microsoft Tech Community

Most organizations using directory services are moving towards using a cloud-based identity platform, like Azure Active Directory, to take advantage of newer authentication methods like passwordless authentication, use conditional access to enforce zero-trust methodologies, and aspire to reduce their infrastructure footprint by phasing out Active Directory.


However, we realize that customers are on a journey and hybrid will be an important state for many customers for a long time. Domain Controllers still act as a pivotal piece of infrastructure for many organizations, and the identities that Active Directory holds are often the target for attackers.


Protecting DCs from attack has always been a priority for administrators. Some examples of ways organizations keep their DCs secure include:

  • Limit the use of Domain Admin privileges
  • Use jump boxes for RDP access or MMC access.
  • Do not install 3rd party applications on DCs
  • Restrict internet access to DCs

Given the challenges that a modern security team is faced with, there’s potential to revisit these best practices to see where improvements can be made.

0 Replies