This topic explains how Managed Service for Microsoft Active Directory is hardened to minimize security vulnerabilities.

No public internet access

To improve security, Managed Microsoft AD is not exposed to the public internet. Managed Microsoft AD makes all connections via private IP from authorized networks:

  • Hosting: Each instance running Active Directory is hosted in its own VPC, which isolates users from each other.

  • Connecting: You can use authorized networks to connect to Managed Microsoft AD via private IP. Managed Microsoft AD handles the VPC peering for these connections.

  • Patching: Managed Microsoft AD applies Windows patches to the VM without using public internet access. Learn more about how Managed Microsoft AD handles patching.

Shielded VM

Shielded VMs are virtual machines (VMs) hardened by a set of security controls that help defend against rootkits and bootkits. All Managed Microsoft AD instances are protected by Shielded VM features at no additional cost.

OS image

Managed Microsoft AD VMs are seeded from the public Compute Engine Windows Server 2019 image. These images have Shielded VM features enabled and are optimized for running on Compute Engine infrastructure.


Managed Microsoft AD tests all Windows patches before applying them. Managed Microsoft AD runs probes, validates customer use cases, availability, security and reliability. After a patch passes these tests, Managed Microsoft AD applies it.

During patches and updates, the AD domain remains available. When a domain controller (DC) requires maintenance, a new DC running the new, validated patch is added to the Active Directory domain before the old DC is demoted. This ensures there are always at least two DCs running at any given time. The update process does not require any public internet access. The full patch rollout usually takes a few days, as domain controllers are updated one after another.

Credential rotation and encryption

Managed Microsoft AD uses several methods to protect credentials. Managed Microsoft AD frequently rotates credentials and encrypts them using industry-standard techniques. Credentials created for managing AD are never shared between instances. These credentials are only accessible by a small support team and automated systems, and then they are destroyed when the instance is deleted.

Restricted production access

Managed Microsoft AD employs multiple systems and processes to ensure that Google Cloud engineers have minimal access to the Managed Microsoft AD domain. Only a small number of on-call engineers have access to production data. They only access production to perform a recovery on a domain or for advanced troubleshooting. These accesses require a validated justification before they can proceed, and then they are logged and audited internally. Most accesses are automated such that they cannot access AD data. In rare scenarios, there might be a need for on-call engineers to remotely access domain controllers. In these cases, the remote accesses use Identity-Aware Proxy (IAP), not the public internet.