Security and Advanced Services for Windows Server 2022

Before attending this course, students must have:

• Experience working in a Windows Sever infrastructure enterprise environment.

• Experience with Windows Server administration, maintenance, and troubleshooting.

• A solid, practical understanding of networking fundamentals, including TCP/IP, User Datagram Protocol (UDP), and Domain Name System (DNS).

• A solid, practical understanding of the principles of Active Directory Domain Services (AD DS)

• A solid, practical understanding of Microsoft Hyper-V virtualisation fundamentals.

• An understanding of Windows Server security principles.

Additionally, students would benefit from having some previous Windows Server operating system experience, such as experience as a Windows Server systems administrator. An understanding of Windows PowerShell would be advantageous.

• Secure Windows Server.
• Secure application development and a server-workload infrastructure.
• Manage security baselines.
• Configure and manage just enough administration.
• Manage data security.
• Manage malware and threats.
• Configure advanced auditing.
• Optimize file services by configuring File Server Resource Manager (FSRM) and Distributed File System (DFS).
• Manage threats by using Advanced Threat Analytics (ATA) and Microsoft Operations Management Suite.
• Install IIS
• Configure the default web site
• Configure and manage application pools
• Create additional web sites
• Secure web sites and applications
• Manage certificates in the Centralized Certificate Store
• Backup and restore IIS

Module 1: Protecting credentials and privileged access

Explains how you can configure user rights and security options, protect credentials by using Windows Defender Credential Guard, implement privileged-access workstations, and manage and deploy a local administrator-password solution that you can use to manage passwords for local administrator accounts

Module 2: Advanced auditing and log analytics

Explains how to use advanced auditing and Windows PowerShell transcripts.

Module 3: Securing workloads

Describes the Microsoft Advanced Threat Analytics tool and explains the Security Compliance Toolkit (SCT), including how you can use it to configure, manage, and deploy baselines. Additionally, students will learn how to deploy and configure Hyper-V and Windows Server containers.

Module 4: Planning and protecting data

Explains how to configure Encrypting File System (EFS) and BitLocker drive encryption to protect data at rest. Students will also learn how to extend protection into the cloud by using Microsoft Azure Information Protection.

Module 5: Optimizing and securing file services

Explains how to optimise file services by configuring File Server Resource Manager (FSRM) and Distributed File System (DFS). Students will learn how to protect a device’s data by using encryption or BitLocker. Students also will learn how to manage access to shared files by configuring Dynamic Access Control (DAC).

Module 6: Just Enough Administration

Explains how to deploy and configure the Just Enough Administration (JEA) feature.

Module 7: Understanding and Installing Internet Information Services

Provides a basic overview about the network infrastructure planning and common concerns with implementing a web server. This module teaches students to perform an installation of IIS and verify the working web server by testing the default created website. The ability to install components and test functionality when needed will be continually reinforced throughout the course

Module 8: Configuring the Default Website

Describes how to plan and implement network requirements for a public website. Students will configure DNS records to support access to internal and public websites and create virtual directories and application folders for additional website content. These concepts will be built upon in future modules and students begin to work with different bindings for both internal and external websites and web applications.

Module 9: Configuring and Managing Application Pools

Provides students with the details and the benefits to the application pool architecture. Students will create and configure application pools to support additional applications and configure application pool recycle settings. This module teaches students to perform recycle events and examine the event logs for recycle events

Module 10: Creating Additional Websites

Introduces students to the process on how to examine existing website bindings to determine and resolve naming conflicts. This module teaches students to create new websites using unique bindings and avoiding naming conflicts.

Module 11: Securing Websites and Applications

Introduces students to secure internal and public websites for users and groups by using the built-in Anonymous, Windows and Basic authentication. This module also teaches students to configure file system permissions for specific users and groups and secure a website using URL Authorization Rules.

Module 12: Managing Certificates in the Centralised Store

Describes how to install and configure the Microsoft Internet Information Service feature Central Certificate Store to enable centralized and improved certificate management. This module will teach students to configure a website to use a secured binding with the Central Certificate Store and explore the benefits to centralized certificate management. Students will also learn to properly name certificates for the store

Module 13: Backing Up and Restoring IIS

Focuses on the concepts of recovering a website and web server from failure. This module teaches students how to manage, backup and recover the configuration files, along with requirements for recovering content and certificates.