Windows Server 2016: Set Up Privileged Access Management

Privileged access to Active Directory (AD) and other sensitive systems is often granted to IT staff permanently. Hackers target these users as they provide an easy way to compromise an entire network. To help combat the problem, Microsoft recommends organizations adopt its Enhanced Security Administrative Environment (ESAE) model where a hardened administrative forest (bastion forest) is dedicated to managing AD and enables organizations to regain control over already compromised domains.

Read more at – Windows Server 2016: Set Up Privileged Access Management