- Implement Windows Server IaaS VM network security
After completing this module, you'll be able to:
Implement Network Security Groups (NSGs) with Windows Server IaaS VMs.
Implement adaptive network hardening.
Implement Azure Firewall.
Implement Windows Defender Firewall in Windows Server IaaS VMs.
Choose an appropriate filtering solution.
Capture network traffic with Network Watcher.
- Learn about Microsoft Defender for Cloud and how to onboard Windows Server computers to the Microsoft Defender for Cloud Service. Also learn about Microsoft Sentinel, security information and event management (SIEM), and security orchestration, automation, and response (SOAR).
After completing this module, you'll be able to:
- Describe Microsoft Defender for Cloud.
- Enable Microsoft Defender for Cloud in hybrid environments.
- Onboard Windows Server computers to Microsoft Defender for Cloud.
- Implement and assess security policies.
- Describe Microsoft Sentinel.
- Implement SIEM and SOAR.
- Protect your resources with Microsoft Defender for Cloud.
- You'll be able to enable Azure Update Management, deploy updates, review an update assessment, and manage updates for your Azure VMs.
After completing this module, you will be able to:
- Describe Azure updates.
- Enable Update Management.
- Deploy updates.
- Review an update assessment.
- Manage updates for your Azure VMs.
- Configure BitLocker disk encryption for Windows IaaS Virtual Machines
After completing this module, you'll be able to:
- Describe Azure Disk Encryption.
- Configure Key Vault to support Azure Disk Encryption.
- Explain how to encrypt Azure IaaS VM hard disks.
- Back up and recover encrypted data from IaaS VM hard disks.
- Implement change tracking and file integrity monitoring for Windows IaaS VMs
After completing this module, you'll be able to:
- Implement Change Tracking and Inventory
- Manage Change Tracking and Inventory
- Manage tracked files
- Implement File Integrity Monitoring
- Select and monitor entities
- Use File Integrity Monitoring
- Secure Windows Server DNS
After completing this module, you'll be able to:
- Describe split-horizon DNS and explain how to implement it.
- Create DNS policies.
- Implement DNS policies.
- Describe the options for protecting the DNS server role.
- Implement DNS security.
- Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.
After completing this module, you'll be able to:
- Configure and manage user accounts to limit security threats across an organization
- Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
- Describe and configure Windows Defender Credential Guard
- Configure Group Policy to block the use of NTLM for authentication
- Learn how to harden the security configuration of your Windows Server operating system environment. Secure administrative access to Privileged Access Workstations (PAWs), apply security baselines, and secure domain controllers and SMB traffic.
After completing this module, you will be able to:
Manage local administrator passwords using Local Administrator Password Solution
Limit administrative access to Privileged Access Workstations (PAWs)
Explain how to secure domain controllers from being compromised
Describe how to use the Microsoft Security Compliance Toolkit to harden servers
Secure SMB traffic using SMB encryption
- Learn how to use Windows Server Update Services to deploy operating system updates to computers on your network. Select the appropriate deployment option and combine WSUS with Microsoft Azure Update Management to manage server updates.
After completing this module, you'll be able to:
- Describe the role of Windows Server Update Services (WSUS)
- Describe the WSUS update management process
- Deploy updates with WSUS
