Hello @matteu31 ,
Thank you for posting here.
Q:Does bitlocker is necessary on virtual machine or only on physical client PC / servers ?
A:It depends on your security requirement, we usually enable bitlocker on portable physical device, such as laptop.
Q:I would like to know if you have some link / ressource / idea about the best practice to protect domain controller and server.
A: We can see suggestions below from the following link.
Reference:
Best Practices for Securing Active Directory
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou