For over a decade, nation-state threat actors have consistently targeted university Active Directory (AD) environments, often with far-reaching consequences. As the threat landscape evolves, so too must our defenses. This session presents a forward-looking roadmap for strengthening AD security in 2025, with a focus on preventing lateral movement and privilege escalation. Attendees will gain practical guidance on implementing Protected Workstations, Privileged Identity Management (PIM), and building an effective monitoring and alerting framework to detect and respond to modern threats. Whether you're beginning your AD security journey or refining an existing approach, this talk will provide actionable insights tailored for the unique challenges of higher education.