This course teaches IT professionals how they can enhance the security of the IT infrastructure that they administer. This course begins by emphasizing the importance of assuming that network breaches have occurred already, and then teaches you how to protect administrative credentials and rights to help ensure that administrators can perform only the tasks that they need to, when they need to.
This course explains how you can use auditing and the Advanced Threat Analytics feature in Windows Server 2016 to identify security issues. You will also learn how to mitigate malware threats, secure your virtualization platform, and use deployment options such as Nano Server and containers to enhance security. The course also explains how you can help protect access to files by using encryption and dynamic access control, and how you can enhance your network’s security.
Who should attend
This course is for IT professionals who need to administer Windows Server 2016 networks securely. These professionals typically work with networks that are configured as Windows Server domain-based environments, with managed access to the Internet and cloud services.
Students who seek certification in the 70-744 Securing Windows Server exam will also benefit from this course.
After completing this course, students will be able to:
- Secure Windows Server.
- Secure application development and a server workload infrastructure.
- Manage security baselines.
- Configure and manage just enough and just-in-time (JIT) administration.
- Manage data security.
- Configure Windows Firewall and a software-defined distributed firewall.
- Secure network traffic.
- Secure your virtualization infrastructure.
- Manage malware and threats.
- Configure advanced auditing.
- Manage software updates.
- Manage threats by using Advanced Threat Analytics (ATA) and Microsoft Operations Management Suite (OMS).
Course Outline
1 - ATTACKS, BREACH DETECTION, AND SYSINTERNALS TOOLS
- Understanding attacks
- Detecting breaches
- Examining activity with the Sysinternals tool
- Lab: Basic breach detection and incident response strategies
1 - BREACH DETECTION AND USING THE SYSINTERNALS TOOLS
- Overview of breach detection
- Using the Sysinternals tools to detect breaches
- Lab: Basic breach detection and incident response strategies
2 - PROTECTING CREDENTIALS AND PRIVILEGED ACCESS
- Understanding user rights
- Computer and service accounts
- Protecting credentials
- Privileged-Access Workstations and jump servers
- Local administrator-password solution
- Lab: Implementing user rights, security options, and group-managed service accounts
- Lab: Configuring and deploying LAPS
2 - PROTECTING CREDENTIALS AND PRIVILEGED ACCESS
- Understanding user rights
- Computer and service accounts
- Protecting credentials
- Understanding privileged-access workstations and jump servers
- Deploying a local administrator-password solution
- Lab: User rights, security options, and group-managed service accounts
- Lab: Configuring and deploying LAPS
3 - LIMITING ADMINISTRATOR RIGHTS WITH JUST ENOUGH ADMINISTRATION
- Understanding JEA
- Configuring and deploying JEA
- Lab: Limiting administrator privileges by using JEA
3 - LIMITING ADMINISTRATOR RIGHTS WITH JUST ENOUGH ADMINISTRATION
- Understanding JEA
- Verifying and deploying JEA
- Lab: Limiting administrator privileges by using JEA
4 - PRIVILEGED ACCESS MANAGEMENT AND ADMINISTRATIVE FORESTS
- ESAE forests
- Overview of Microsoft Identity Manager
- Overview of JIT administration and PAM
- Lab: Limiting administrator privileges with PAM
4 - PRIVILEGED ACCESS MANAGEMENT AND ADMINISTRATIVE FORESTS
- Understanding ESAE forests
- Overview of MIM
- Implementing JIT and Privileged Access Management by using MIM
- Lab: Limiting administrator privileges by using Privileged Access Management
5 - MITIGATING MALWARE AND THREATS
- Configuring and managing Windows Defender
- Restricting software
- Configuring and using the Device Guard feature
- Deploying and using the EMET
- Lab: Securing applications by using AppLocker, Windows Defender, Device Guard Rules, and the EMET
5 - MITIGATING MALWARE AND THREATS
- Configuring and managing Windows Defender
- Using software restriction policies (SRPs) and AppLocker
- Configuring and using Device Guard
- Using and deploying the Enhanced Mitigation Experience Toolkit
- Lab: Securing applications by using AppLocker, Windows Defender, Device Guard Rules, and the EMET
6 - ANALYSING ACTIVITY BY USING ADVANCED AUDITING AND LOG ANALYTICS
- Overview of auditing
- Understanding advanced auditing
- Configuring Windows PowerShell auditing and logging
- Lab: Configuring encryption and advanced auditing
6 - ANALYZING ACTIVITY WITH ADVANCED AUDITING AND LOG ANALYTICS
- Overview of auditing
- Advanced auditing
- Windows PowerShell auditing and logging
- Lab: Configuring advanced auditing
7 - ANALYSING ACTIVITY WITH MICROSOFT ADVANCED THREAT ANALYTICS FEATURE AND OPERATIONS MANAGEMENT SUITE
- Overview of Advanced Threat Analytics
- Understanding OMS
- Lab: Advanced Threat Analytics and Operations Management Suite
7 - DEPLOYING AND CONFIGURING ADVANCED THREAT ANALYTICS AND MICROSOFT OPERATIONS MANAGEMENT SUITE
- Deploying and configuring ATA
- Deploying and configuring Microsoft Operations Management Suite
- Lab: Deploying ATA and Microsoft Operations Management Suite
8 - SECURE VIRTUALIZATION INFRASTRUCTURE
- Guarded Fabric
- Shielded and encryption-supported virtual machines
- Lab: Guarded Fabric with administrator-trusted attestation and shielded VMs
8 - SECURING YOUR VIRTUALIZATION INFRASTRUCTURE
- Overview of Guarded Fabric VMs
- Understanding shielded and encryption-supported VMs
- Lab: Deploying and using Guarded Fabric with administrator-trusted attestation and shielded VMs
9 - SECURING APPLICATION DEVELOPMENT AND SERVER-WORKLOAD INFRASTRUCTURE
- Using Security Compliance Manager
- Introduction to Nano Server
- Understanding containers
- Lab: Using Security Compliance Manager
- Lab: Deploying and Configuring Nano Server and containers
9 - SECURING APPLICATION DEVELOPMENT AND SERVER-WORKLOAD INFRASTRUCTURE
- Using Security Compliance Manager
- Introduction to Nano Server
- Understanding containers
- Lab: Using Security Compliance Manager
- Lab: Deploying and Configuring Nano Server
10 - PLANNING AND PROTECTING DATA
- Planning and implementing encryption
- Planning and implementing BitLocker
- Lab: Protecting data by using encryption and BitLocker
10 - PROTECTING DATA WITH ENCRYPTION
- Planning and implementing encryption
- Planning and implementing BitLocker
- Lab: Configuring EFS and BitLocker
11 - LIMITING ACCESS TO FILE AND FOLDERS
- Introduction to FSRM
- Implementing classification management and file-management tasks
- Understanding Dynamic Access Control (DAC)
- Lab: Configuring quotas and file screening
- Lab: Implementing DAC
11 - OPTIMIZING AND SECURING FILE SERVICES
- File Server Resource Manager
- Implementing classification management and file-management tasks
- Dynamic Access Control
- Lab: Quotas and file screening
- Lab: Implementing Dynamic Access Control
12 - SECURING NETWORK TRAFFIC WITH FIREWALLS AND ENCRYPTION
- Understanding network-related security threats
- Understanding Windows Firewall with Advanced Security
- Configuring IPsec
- Datacenter Firewall
- Lab: Configuring Windows Firewall with Advanced Security
12 - USING FIREWALLS TO CONTROL NETWORK TRAFFIC FLOW
- Understanding Windows Firewall
- Software-defined distributed firewalls
- Lab: Windows Firewall with Advanced Security
13 - SECURING NETWORK TRAFFIC
- Network-related security threats and connection-security rules
- Configuring advanced DNS settings
- Examining network traffic with Microsoft Message Analyzer
- Securing SMB traffic, and analyzing SMB traffic
- Lab: Connection security rules and securing DNS
- Lab: Microsoft Message Analyzer and SMB encryption
13 - SECURING NETWORK TRAFFIC
- Network-related security threats and connection-security rules
- Configuring advanced DNS settings
- Examining network traffic with Microsoft Message Analyzer
- Securing SMB traffic, and analyzing SMB traffic
- Lab: Securing DNS
- Lab: Microsoft Message Analyzer and SMB encryption
14 - UPDATING WINDOWS SERVER
- Overview of WSUS
- Deploying updates by using WSUS
- Lab: Implementing update management