014: Remove app infra servers from AD
Overview
Move servers in your on-premises domain to either Entra ID Domain Services, or virtualized domain controllers in IaaS.
Reducing the footprint of Active Directory (AD) helps in Zero Trust implementation by minimizing the attack surface that can be exploited by attackers. A smaller AD environment reduces the number of potential vulnerabilities and entry points for cyber threats. It also simplifies management and security monitoring, making it easier to apply strict access controls and ensure compliance with Zero Trust policies, which require rigorous verification and minimal trust assumptions across the network.