I'm trying to figure out the best setup for my DNS suffix. Right now, I have the field blank in my system properties and I've enabled the 'Change primary DNS suffix when domain membership changes' option. Lately, I've noticed some devices in Defender show my primary.domain, while others just display AAD. My boss prefers them all to have the same suffix. When I add the suffix, they all show 'primary.domain' in Defender, but I'm concerned about potential risks. I've seen mixed opinions on these changes, which has left me confused. Interestingly, my boss removed his suffix, and now his device no longer shows in Defender, leaving me a bit puzzled. Any advice would be really helpful!
1 Answer
You should definitely use a valid DNS domain that you control, and stay away from using '.local' because that's now designated for mDNS. Using a registered domain can also help with getting publicly-signed X.509 certificates down the line. Plus, you won’t end up with failed DNS lookups, which can be a hassle. Just a heads up!
Should I add this manually? I have about 50 machines, so it wouldn’t be too hard for me.