YoVDO

Secure Windows Server on-premises and hybrid infrastructures

Offered By: Microsoft via Microsoft Learn

Tags

Windows Server Courses Network Security Courses DNS Security Courses Azure Security Center Courses

Course Description

Overview

  • Module 1: Implement Windows Server IaaS VM network security
  • After completing this module, you will be able to:

    • Implement Network Security Groups (NSGs) with Windows Server IaaS VMs.
    • Implement adaptive network hardening.
    • Implement Azure Firewall.
    • Implement Windows Defender Firewall in Windows Server IaaS VMs.
    • Choose an appropriate filtering solution.
    • Capture network traffic with Network Watcher.
  • Module 2: You'll learn about Azure Security Center and how to onboard Windows Server computers to Security Center. You'll also learn about Azure Sentinel, security information and event management (SIEM), and security orchestration, automation and response (SOAR).
  • After completing this module, you will be able to:

    • Describe Azure Security Center.
    • Enable Azure Security Center in hybrid environments.
    • Onboard Windows Server computers to Azure Security Center.
    • Implement and assess security policies.
    • Describe Azure Sentinel.
    • Implement SIEM and SOAR.
    • Protect your resources with Azure Security Center.
  • Module 3: You'll be able to enable Azure Update Management, deploy updates, review an update assessment, and manage updates for your Azure VMs.
  • After completing this module, you will be able to:

    • Describe Azure updates.
    • Enable Update Management.
    • Deploy updates.
    • Review an update assessment.
    • Manage updates for your Azure VMs.
  • Module 4: You'll be able to implement Adaptive application controls within your organization to protect your Windows Server IaaS VMs.
  • After completing this module, you'll be able to:

    • Enable Adaptive application controls.
    • Implement adaptive application control policies.
  • Module 5: Configure BitLocker disk encryption for Windows IaaS Virtual Machines
  • After completing this module, you'll be able to:

    • Describe Azure Disk Encryption.
    • Configure Key Vault to support Azure Disk Encryption.
    • Explain how to encrypt Azure IaaS VM hard disks.
    • Back up and recover encrypted data from IaaS VM hard disks.
  • Module 6: Implement change tracking and file integrity monitoring for Windows IaaS VMs
  • After completing this module, you will be able to:

    • Implement Change Tracking and Inventory
    • Manage Change Tracking and Inventory
    • Manage tracked files
    • Implement File Integrity Monitoring
    • Select and monitor entities
    • Use File Integrity Monitoring
  • Module 7: Secure Windows Server DNS
  • After completing this module, you'll be able to:

    • Describe split-horizon DNS and explain how to implement it.
    • Create DNS policies.
    • Implement DNS policies.
    • Describe the options for protecting the DNS server role.
    • Implement DNS security.
  • Module 8: Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.
  • After completing this module, you will be able to:

    • Configure and manage user accounts to limit security threats across an organization
    • Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
    • Describe and configure Windows Defender Credential Guard
    • Configure Group Policy to block the use of NTLM for authentication
  • Module 9: Learn how to harden the security configuration of your Windows Server operating system environment. Secure administrative access to Privileged Access Workstations (PAWs), apply security baselines, and secure domain controllers and SMB traffic.
  • After completing this module, you will be able to:

    • Manage local administrator passwords using Local Administrator Password Solution
    • Limit administrative access to Privileged Access Workstations (PAWs)
    • Explain how to secure domain controllers from being compromised
    • Describe how to use the Microsoft Security Compliance Toolkit to harden servers
    • Secure SMB traffic using SMB encryption
  • Module 10: Learn how to use Windows Server Update Services to deploy operating system updates to computers on your network. Select the appropriate deployment option and combine WSUS with Microsoft Azure Update Management to manage server updates.
  • After completing this module, you will be able to:

    • Describe the role of Windows Server Update Services (WSUS)
    • Describe the WSUS update management process
    • Deploy updates with WSUS

Syllabus

  • Module 1: Implement Windows Server IaaS VM network security
    • Introduction
    • Implement network security groups and Windows IaaS VMs
    • Implement adaptive network hardening
    • Implement Azure Firewall and Windows IaaS VMs
    • Implement Windows firewall with Windows Server IaaS VMs
    • Choose the appropriate filtering solution
    • Deploy and configure Azure firewall using the Azure portal
    • Capture network traffic with network watcher
    • Log network traffic to and from a VM using the Azure portal
    • Knowledge check
    • Summary
  • Module 2: Audit the security of Windows Server IaaS Virtual Machines
    • Introduction
    • Describe Azure Security Center
    • Enable Azure Security Center in hybrid environments
    • Implement and assess security policies
    • Protect your resources with Azure Security Center
    • Implement Azure Sentinel
    • Knowledge check
    • Summary
  • Module 3: Manage Azure updates
    • Introduction
    • Describe update management
    • Enable update management
    • Deploy updates
    • View update assessments
    • Manage updates for your Azure Virtual Machines
    • Knowledge check
    • Summary
  • Module 4: Create and implement application allowlists with adaptive application control
    • Introduction
    • Describe adaptive application control
    • Implement adaptive application control policies
    • Knowledge check
    • Summary
  • Module 5: Configure BitLocker disk encryption for Windows IaaS Virtual Machines
    • Introduction
    • Describe Azure Disk Encryption and server-side encryption
    • Configure Key Vault for Azure Disk Encryption
    • Encrypt Azure IaaS Virtual Machine hard disks
    • Back up and recover data from encrypted disks
    • Create and encrypt a Windows Virtual Machine
    • Knowledge check
    • Summary
  • Module 6: Implement change tracking and file integrity monitoring for Windows IaaS VMs
    • Introduction
    • Implement Change Tracking and Inventory
    • Manage Change Tracking and Inventory
    • Manage tracked files
    • Implement File Integrity Monitoring
    • Select and monitor entities
    • Use File Integrity Monitoring
    • Knowledge check
    • Summary
  • Module 7: Secure Windows Server DNS
    • Introduction
    • Implement split-horizon DNS
    • Create DNS policies
    • Implement DNS policies
    • Secure Windows Server DNS
    • Implement DNSSEC
    • Knowledge check
    • Summary
  • Module 8: Secure Windows Server user accounts
    • Introduction
    • Configure user account rights
    • Protect user accounts with the Protected Users group
    • Describe Windows Defender Credential Guard
    • Block NTLM authentication
    • Locate problematic accounts
    • Knowledge check
    • Summary
  • Module 9: Hardening Windows Server
    • Introduction
    • Describe Local Password Administrator Solution
    • Configure Privileged Access Workstations
    • Secure domain controllers
    • Analyze security configuration with Security Compliance Toolkit
    • Secure SMB traffic
    • Knowledge check
    • Summary and Resources
  • Module 10: Windows Server update management
    • Introduction
    • Explore Windows Update
    • Outline Windows Server Update Services server deployment options
    • Define Windows Server Update Services update management process
    • Describe the process of Update Management
    • Knowledge check
    • Summary

Tags

Related Courses

Network Security
(ISC)² via Coursera
5G Network Fundamentals
Institut Mines-Télécom via Coursera
5G for Everyone
Qualcomm via Coursera
AWS Advanced Networking Specialty (LA)
A Cloud Guru
AWS Certified Advanced Networking - Specialty 2020
A Cloud Guru