Secure Windows Server on-premises and hybrid infrastructures

After completing this module, you will be able to:

• Implement Network Security Groups (NSGs) with Windows Server IaaS VMs.
• Implement adaptive network hardening.
• Implement Azure Firewall.
• Implement Windows Defender Firewall in Windows Server IaaS VMs.
• Choose an appropriate filtering solution.
• Capture network traffic with Network Watcher.

After completing this module, you will be able to:

• Describe Azure Security Center.
• Enable Azure Security Center in hybrid environments.
• Onboard Windows Server computers to Azure Security Center.
• Implement and assess security policies.
• Describe Azure Sentinel.
• Implement SIEM and SOAR.
• Protect your resources with Azure Security Center.

After completing this module, you will be able to:

• Describe Azure updates.
• Enable Update Management.
• Deploy updates.
• Review an update assessment.
• Manage updates for your Azure VMs.

After completing this module, you'll be able to:

• Enable Adaptive application controls.
• Implement adaptive application control policies.

After completing this module, you'll be able to:

• Describe Azure Disk Encryption.
• Configure Key Vault to support Azure Disk Encryption.
• Explain how to encrypt Azure IaaS VM hard disks.
• Back up and recover encrypted data from IaaS VM hard disks.

After completing this module, you will be able to:

• Implement Change Tracking and Inventory
• Manage Change Tracking and Inventory
• Manage tracked files
• Implement File Integrity Monitoring
• Select and monitor entities
• Use File Integrity Monitoring

After completing this module, you'll be able to:

• Describe split-horizon DNS and explain how to implement it.
• Create DNS policies.
• Implement DNS policies.
• Describe the options for protecting the DNS server role.
• Implement DNS security.

After completing this module, you will be able to:

• Configure and manage user accounts to limit security threats across an organization
• Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
• Describe and configure Windows Defender Credential Guard
• Configure Group Policy to block the use of NTLM for authentication

After completing this module, you will be able to:

• Manage local administrator passwords using Local Administrator Password Solution
• Limit administrative access to Privileged Access Workstations (PAWs)
• Explain how to secure domain controllers from being compromised
• Describe how to use the Microsoft Security Compliance Toolkit to harden servers
• Secure SMB traffic using SMB encryption

After completing this module, you will be able to:

• Describe the role of Windows Server Update Services (WSUS)
• Describe the WSUS update management process
• Deploy updates with WSUS

• Introduction
• Implement network security groups and Windows IaaS VMs
• Implement adaptive network hardening
• Implement Azure Firewall and Windows IaaS VMs
• Implement Windows firewall with Windows Server IaaS VMs
• Choose the appropriate filtering solution
• Deploy and configure Azure firewall using the Azure portal
• Capture network traffic with network watcher
• Log network traffic to and from a VM using the Azure portal
• Knowledge check
• Summary

• Introduction
• Describe Azure Security Center
• Enable Azure Security Center in hybrid environments
• Implement and assess security policies
• Protect your resources with Azure Security Center
• Implement Azure Sentinel
• Knowledge check
• Summary

• Introduction
• Describe update management
• Enable update management
• Deploy updates
• View update assessments
• Manage updates for your Azure Virtual Machines
• Knowledge check
• Summary

• Introduction
• Describe adaptive application control
• Implement adaptive application control policies
• Knowledge check
• Summary

• Introduction
• Describe Azure Disk Encryption and server-side encryption
• Configure Key Vault for Azure Disk Encryption
• Encrypt Azure IaaS Virtual Machine hard disks
• Back up and recover data from encrypted disks
• Create and encrypt a Windows Virtual Machine
• Knowledge check
• Summary

• Introduction
• Implement Change Tracking and Inventory
• Manage Change Tracking and Inventory
• Manage tracked files
• Implement File Integrity Monitoring
• Select and monitor entities
• Use File Integrity Monitoring
• Knowledge check
• Summary

• Introduction
• Implement split-horizon DNS
• Create DNS policies
• Implement DNS policies
• Secure Windows Server DNS
• Implement DNSSEC
• Knowledge check
• Summary

• Introduction
• Configure user account rights
• Protect user accounts with the Protected Users group
• Describe Windows Defender Credential Guard
• Block NTLM authentication
• Locate problematic accounts
• Knowledge check
• Summary

• Introduction
• Describe Local Password Administrator Solution
• Configure Privileged Access Workstations
• Secure domain controllers
• Analyze security configuration with Security Compliance Toolkit
• Secure SMB traffic
• Knowledge check
• Summary and Resources

• Introduction
• Explore Windows Update
• Outline Windows Server Update Services server deployment options
• Define Windows Server Update Services update management process
• Describe the process of Update Management
• Knowledge check
• Summary