Assess the security and governance of on-premises Active Directory Domain Services (AD DS), including resilience to common attacks. Describe strategies to enhance the security of AD DS, such as implementing multi-factor authentication (MFA), using security baselines, and applying regular updates and patches.