Course NT-20744 Securing Windows Server 2016

Module 1: Breach detection and using the Sysinternals tools

• Overview of breach detection
• Using the Sysinternals tools to detect breaches

Module 2: Protecting credentials and privileged access

• Understanding user rights
• Computer and service accounts
• Protecting credentials
• Understanding privileged-access workstations and jump servers
• Deploying a local administrator-password solution

Module 3: Limiting administrator rights with Just Enough Administration (JEA)

• Understanding JEA
• Configuring and deploying JEA

Module 4: Privileged Access Management and administrative forests

• Understanding ESAE forests
• Overview of MIM
• Implementing JIT and Privileged Access Management by using MIM

Module 5: Mitigating malware and threats

• Configuring and managing Windows Defender
• Using software restricting policies (SRPs) and AppLocker
• Configuring and using Device Guard
• Using and deploying the Enhanced Mitigation Experience Toolkit

Module 6: Analyzing activity by using advanced auditing and log analytics

• Overview of auditing
• Understanding advanced auditing
• Configuring Windows PowerShell auditing and logging

Module 7: Analyzing activity with Microsoft Advanced Threat Analytics feature and Operations Management Suite

• Overview of Advanced Threat Analytics
• Understanding OMS

Module 8: Securing your virtualization an infrastructure

• Overview of Guarded Fabric VMs
• Understanding shielded and encryption-supported VMs

Module 9: Securing application development and server-workload infrastructure

• Using Security Compliance Manager
• Introduction to Nano Server
• Understanding containers

Module 10: Protecting data with encryption

• Planning and implementing encryption
• Planning and implementing BitLocker

Module 11: Limiting access to file and folders

• Introduction to FSRM
• Implementing classification management and file-management tasks
• Understanding Dynamic Access Control (DAC)

Module 12: Using firewalls to control network traffic flow

• Understanding Windows Firewall
• Software-defined distributed firewalls

Module 13: Securing network traffic

• Network-related security threats and connection-security rules
• Configuring advanced DNS settings
• Examining network traffic with Microsoft Message Analyzer
• Securing SMB traffic, and analysing SMB traffic

Module 14: Updating Windows Server

• Overview of WSUS
• Deploying updates by using WSUS

Labs

Basic breach detection and incident response strategies

• Identifying attack types
• Using incident-response strategies
• Exploring the Sysinternals tools

User rights, security options, and group-managed service accounts

• Configuring security options
• Configuring restricted groups
• Delegating privileges
• Creating and managing group managed service accounts (MSAs)
• Configuring the Credential Guard feature
• Locating problematic accounts

Configuring and deploying LAPs

• Installing local administrator password solution (LAPs)
• Configuring LAPs
• Deploying LAPs

Limiting administrator privileges by using JEA

• Creating a role-capability file
• Creating a session-configuration file
• Creating a JEA endpoint
• Connecting to a JEA endpoint
• Deploying JEA by using Desire State Configuration (DSC)

Limiting administrator privileges by using Privileged Access Management

• Using a layered approach to security
• Exploring MIM
• Configuring a MIM web portal
• Configuring the Privileged Access feature
• Requesting privileged access

Securing applications by using AppLocker, Windows Defender, Device Guard Rules, and the EMET.

• Configuring Windows Defender
• Configuring AppLocker
• Configuring and deploying Device Guard
• Deploying and using EMET

Configuring encryption and advanced auditing

• Configuring auditing of file-system access
• Auditing domain logons
• Managing the configuration of advanced audit policies
• Windows PowerShell logging and auditing

Advanced Threat Analytics and Operations Management Suite

• Using ATA and OMS
• Preparing and deploying ATA
• Preparing and deploying OMS

Deploying and using Guarded Fabric with administrator-trusted attestation and shielded VMs

• Deploying Guarded Fabric VMs with administrator-trusted attestation
• Deploying a shielded VM

Using Security Compliance Manager

• Configuring a security baseline for Windows Server 2016
• Deploying a security baseline for Windows Server 2016

Deploying and Configuring Nano Server and containers

• Deploying, managing, and securing Nano Server
• Deploying, managing, and securing Windows Server containers
• Deploying, managing, and securing Hyper-V containers

Configuring EFS and BitLocker

• Encrypting and recovering access to encrypted files
• Using BitLocker to protect data

Configuring quotas and file screening

• Configuring FSRM quotas
• Configuring file screening

Implementing DAC

• Preparing DAC
• Implementing DAC

Windows Firewall with Advanced Security

• Creating and testing inbound rules
• Creating and testing outbound rules

Connection security rules and securing DNS

• Creating and testing connection security rules
• Configuring and testing DNSSEC

Microsoft Message Analyzer and SMB encryption

• Using Microsoft Message Analyzer
• Configuring and verifying SMB encryption on SMB shares

Implementing update management

• Implementing the WSUS server role
• Configuring update settings
• Approving and deploying an update by using WSUS
• Deploying Windows Defender definition updates by using WSUS