I believe you need to invest in two other areas to protect your branch office servers: physical security and user education.

While features such as RODC and BitLocker help mitigate risk, a bad guy having physical possession of your server is still a big deal. Even if he cannot gain access to the data, he can still prevent your users from gaining access to it. Reasonable investments in physical security also increase the availability of services.

I continue to hear stories of cleaning staff unplugging servers, unnecessary water damage, and accidental shutdowns. Use locked closets or cabinets. Plan for UPS protection. Ensure proper ventilation. For large enterprises, this may be obvious—but then again, in a big firm, do you know ...