While Microsoft sets a balance with the default security settings for Windows Server, it's possible to go a lot further when it comes to securing the environment. This Workshop has 7 modules:
Module 1: Locating and Tracking Suspicious Activity
Microsoft suggests you assume you've been breached, but how do you know? In this module, you'll learn what to look for, where to look for it and the tools that you should use to do so. You'll learn which Event IDs are most indicative of suspicious activity, how to minimize the chance that that event logs aren't compromised by intruders, how to set up your own tools to investigate possible breaches, and how to use Microsoft tools such as the Sysinternals Tools, Advanced Threat Analytics, OMS and Azure Security Center to further your investigation.
Module 2: Hardening Accounts and Authentication
Administrator accounts are the keys to the castle. In this module, you'll learn about the technologies you can use to harden accounts and authentication including the protected user's group, authentication policy silos, disabling NTLM, credential guard, admin free Active Directory and how to implement enhanced security administrative environment forests.
Module 3: Securing Administration
In this module, you'll look at several secure administration technologies. Just Enough Administration lets you configure tightly scoped PowerShell administrative endpoints. Project Honolulu allows the secure management of both Server Core and Desktop Experience Servers. Privileged Access Management, also known as Just in Time Administration, allows time limited administrative privileges.
Module 4: Hardening Windows Server
Windows Server is configured as mostly secure out of the box, but there's more that you can do to the operating system to harden it. In this module, you'll learn about the steps you can take to make Windows Server more secure, from removing SMB1 and configuring network isolation policies, through to group managed service accounts, anti-malware configuration, enforcing configuration through code using Desired State Configuration and assessing configuration compliance through the Security Compliance Toolkit.
Module 5: Hardening Virtualization Fabric
An increasing number of attacks are made against the virtualization fabric as, in many organizations, if you control the virtualization fabric, you have complete control over all of the virtual machines running on that fabric. In this module, you'll learn about Guarded Fabric, Shielded and Encrypted VMs. These technologies allow you to protect virtualization workloads and minimize the chance that a compromised virtualization server will result in compromised virtual machines.
Module 6: Securing Application Execution
In this module, you'll learn about a variety of technologies that you can use to restrict application execution to a set of specifically whitelisted applications. You'll learn how you can secure the Windows platform using AppLocker, Windows Defender Application Control, Windows Defender Application Guard as well as Device Guard.
Module 7: Securing Common Windows Server Workloads
Once you've secured the server platform, you'll need to secure the workloads running on that platform. In this module you'll learn how to secure DNS, DHCP, File Servers, IIS and Certificate Services. You'll also learn how you can improve security by containerizing applications.
You will learn:
- Improve the security of your Windows Server environment
- Improve the security of your administration practices
- Understand what to look for when you suspect you've been breached