Merge pull request MicrosoftDocs#112335 from billmath/pta2

PRMerger13 · web-flow · commit f72835366c7c · 2020-04-22T12:26:15.000-07:00
adding important note
diff --git a/articles/active-directory/hybrid/how-to-connect-pta-quick-start.md b/articles/active-directory/hybrid/how-to-connect-pta-quick-start.md
@@ -33,6 +33,9 @@ Follow these instructions to deploy Pass-through Authentication on your tenant:
 
 Ensure that the following prerequisites are in place.
 
+>[!IMPORTANT]
+>From a security standpoint, administrators should treat the server running the PTA agent as if it were a domain controller.  The PTA agent servers should be hardened along the same lines as outlined in [Securing Domain Controllers Against Attack](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack)
+
 ### In the Azure Active Directory admin center
 
 1. Create a cloud-only global administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable. Learn about [adding a cloud-only global administrator account](../active-directory-users-create-azure-portal.md). Completing this step is critical to ensure that you don't get locked out of your tenant.
