Apr 13 2022 09:49 AM
Updating best practices for Domain Controllers - Microsoft Tech Community
Most organizations using directory services are moving towards using a cloud-based identity platform, like Azure Active Directory, to take advantage of newer authentication methods like passwordless authentication, use conditional access to enforce zero-trust methodologies, and aspire to reduce their infrastructure footprint by phasing out Active Directory.
However, we realize that customers are on a journey and hybrid will be an important state for many customers for a long time. Domain Controllers still act as a pivotal piece of infrastructure for many organizations, and the identities that Active Directory holds are often the target for attackers.
Protecting DCs from attack has always been a priority for administrators. Some examples of ways organizations keep their DCs secure include:
Given the challenges that a modern security team is faced with, there’s potential to revisit these best practices to see where improvements can be made.