I've always thought, Windows should automatically only forward credentials for the local domain, or trusted domains, I don't think that would be difficult to sort and offer good protection.<p>BUT I don't necessarily blame Zoom for this.