The Microsoft IT group helps protect the corporate network using domain isolation with IPsec. You can read about it here.
The Microsoft Solutions for Security (MSS) team has recently released a Server and Domain Isolation Using IPsec and Group Policy paper. This solution demonstrates how IPsec transport mode can be leveraged as one of the best means currently available to protect corporate networks and minimize losses due to information theft, compromise of credentials, and administrative costs. This solution also clearly contrasts IPsec transport mode with the more widely known IPsec tunnel mode, one of the prevalent VPN technologies today.
Detailed discussion on how Microsoft IT introduced Domain Isolation to the Microsoft global enterprise network, to prevent unauthorized access to trusted assets. The technology chosen for isolation is Internet Protocol Security (IPsec), a standards-based approach to authenticating network traffic, which can be deployed and managed centrally through the use of Group Policy. The result of these efforts is a secure, segmented network of trusted computers. Downloads (Technical White Paper, Technical White Paper Presentation)
Full article at <http://www.microsoft.com/technet/itsolutions/msit/default.mspx>