Specifying requirements to secure AD DS
Many companies have hybrid architectures that still use on-premises AD DS as their primary source for managing users, groups, and devices. Protecting identities and maintaining the principle of least privilege for users is as important for AD DS domain controllers as it is for cloud-native identities within Azure AD. Users should not have administrative privileges unless they need them to perform their daily tasks. To support administrative control of servers within the domain, you should implement secure administrative hosts, which are hardened systems used to control administrative access to other endpoints.
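One way to check the least-privilege requirement above is to review who actually sits in the privileged AD DS groups. The following is an added example, not part of the original text; the function name, the 90-day threshold, the finding rules and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: flag privileged-group members that conflict with least privilege.
# Get-PrivilegedAccountFinding is a hypothetical helper, not a built-in cmdlet.
function Get-PrivilegedAccountFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Member,  # one row per (group, account)
        [int] $StaleDays = 90,                       # assumption: review threshold
        [datetime] $Now = (Get-Date)
    )
    foreach ($m in $Member) {
        $reasons = @()
        if (-not $m.Enabled)         { $reasons += 'disabled account still in privileged group' }
        if ($m.PasswordNeverExpires) { $reasons += 'password never expires' }
        if ($null -eq $m.LastLogonDate) {
            $reasons += 'never logged on'
        } elseif (($Now - $m.LastLogonDate).TotalDays -gt $StaleDays) {
            $reasons += "no logon in more than $StaleDays days"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Group   = $m.Group
                Account = $m.SamAccountName
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rows so the function runs without a domain.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Group='Domain Admins'; SamAccountName='adm-alice'; Enabled=$true;  PasswordNeverExpires=$false; LastLogonDate=[datetime]'2024-05-30' }
    [pscustomobject]@{ Group='Domain Admins'; SamAccountName='svc-backup'; Enabled=$true;  PasswordNeverExpires=$true;  LastLogonDate=[datetime]'2024-05-29' }
    [pscustomobject]@{ Group='Schema Admins'; SamAccountName='adm-bob';    Enabled=$true;  PasswordNeverExpires=$false; LastLogonDate=[datetime]'2023-11-02' }
    [pscustomobject]@{ Group='Enterprise Admins'; SamAccountName='adm-old'; Enabled=$false; PasswordNeverExpires=$false; LastLogonDate=$null }
)
Get-PrivilegedAccountFinding -Member $sample -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), build the rows with:
# $rows = foreach ($g in 'Domain Admins','Enterprise Admins','Schema Admins') {
#     Get-ADGroupMember -Identity $g -Recursive | Where-Object objectClass -eq 'user' |
#         Get-ADUser -Properties LastLogonDate, PasswordNeverExpires |
#         Select-Object @{n='Group';e={$g}}, SamAccountName, Enabled, PasswordNeverExpires, LastLogonDate
# }
# Get-PrivilegedAccountFinding -Member $rows
```

With the sample rows, adm-alice produces no finding and the other three accounts are each reported with their reasons.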
Domain controllers must be secured and hardened against attacks. The domain controllers administer users, groups, and policies across the AD DS architecture. Monitoring, managing, and securing these servers with patch management and security baselines will reduce the attack surface and potential for the domain controllers and member...