Domain Controller Firewall: Fact or Fiction?

The goal of this talk is to examine a specific set of firewall rules and filters that can significantly decrease the Domain Controller (DC) attack surface without impacting the Active Directory (AD) functionality. In addition, an automated method of generating the corresponding Group Policy Objects (GPOs) that target DCs will be introduced. You will also learn what dead ends and gotchas you might run into when you try to configure rules for outbound traffic, especially in hybrid (cloud-connected) environments.