Securing Windows Server

Overview

This three-day course equips IT professionals with the practical skills and knowledge required to secure Windows Server environments across on-premises, hybrid, and multi-cloud infrastructures.

Learners will explore the core security capabilities of Windows Server 2019, 2022, and 2025, including modern enhancements such as secured-core server, Azure Arc integration, and Hotpatching. The course focuses on strengthening identity protection, securing administrative access, protecting data, and implementing industry-aligned security baselines.

By combining hands-on exercises with real-world scenarios, this course enables learners to confidently design, implement, and manage a secure Windows Server platform that aligns with Microsoft best practices and modern security requirements.

Prerequisites

Before attending this course, learners should have:

• Experience configuring and managing Windows Server operating systems
• An understanding of Active Directory and Group Policy
• Knowledge of core networking concepts
• Awareness of fundamental security best practices

Target audience

This course is designed for:

• IT professionals with experience in day-to-day Windows Server administration
• Server administrators looking to deepen their security expertise
• Security architects who need to understand Windows Server security capabilities
• IT professionals working with non-Microsoft platforms who want to cross-train on Windows Server

Objectives

By the end of this course, learners will be able to:

• Configure and implement secured-core server features including virtualization-based security and secure boot
• Harden Hyper-V hosts and virtual machines
• Enable Azure Arc for centralised management across hybrid and multi-cloud environments
• Configure Azure Automanage and implement Hotpatch updates
• Apply Microsoft security baselines using Group Policy and OSConfig
• Protect identities using password policies, Credential Guard, and authentication silos
• Secure services using managed service accounts
• Apply least privilege principles to secure server administration
• Manage local administrator passwords using Windows LAPS
• Deploy and manage a public key infrastructure using Active Directory Certificate Services
• Secure data access using permissions and encrypted SMB connections
• Protect data at rest using BitLocker and Encrypting File System
• Configure advanced auditing policies
• Monitor server security posture using Microsoft Defender for Servers

Outline

Module 1: Building a secure platform

This module introduces the foundational security features of Windows Server and how to establish a hardened platform.

• Review Windows Server editions and security capabilities
• Configure secured-core server features
• Protect virtual machines using platform security controls

Module 2: Updating Windows and hardening the operating system

Learn how to maintain secure and up-to-date server environments using modern servicing and hybrid management tools.

• Review Windows Server servicing options
• Configure hybrid integration with Azure Arc
• Implement Windows Server Hotpatch
• Apply security baselines to harden servers

Module 3: Protecting identities

Explore identity protection strategies and authentication controls to reduce the risk of compromise.

• Understand identity management in Windows Server
• Manage computer accounts securely
• Configure authentication policies and controls
• Harden Kerberos and restrict NTLM usage
• Secure Windows services using managed service accounts

Module 4: Secure administration

This module focuses on implementing least privilege and securing administrative access.

• Understand groups and group scopes
• Plan and implement secure administration strategies
• Assign privileges using user rights
• Use groups to manage administrative roles
• Delegate administrative tasks securely
• Configure Windows LAPS
• Secure privileged access

Module 5: Deploying and managing certificates

Gain the skills to implement and manage encryption using a public key infrastructure.

• Review encryption technologies
• Understand public key infrastructure concepts
• Deploy Active Directory Certificate Services
• Manage certificate templates
• Deploy and manage certificates
• Use the central certificate store with IIS

Module 6: Data security

Learn how to secure data both at rest and in transit using built-in Windows Server technologies.

• Configure NTFS permissions for secure file systems
• Implement Dynamic Access Control
• Secure shared folder access
• Configure SMB signing and encryption
• Implement SMB over QUIC
• Protect data using Encrypting File System
• Deploy and manage BitLocker

Module 7: Advanced auditing and monitoring

Understand how to track, audit, and monitor security events across your server environment.

• Understand auditing concepts and strategy
• Configure advanced auditing policies
• • Integrate with Azure Monitor
• • Audit Windows PowerShell activity

Practical exercises

Throughout the course, learners will complete hands-on exercises to reinforce key concepts, including:

• Configuring a secured-core server
• Implementing hybrid integration with Azure Arc
• Applying security baselines using OSConfig
• Configuring authentication and credential protection
• Deploying managed service accounts
• Securing administrative access and delegation
• Implementing Windows LAPS
• Deploying Active Directory Certificate Services
• Securing data with SMB over QUIC and BitLocker
• Monitoring security using Azure-based tools
• Configuring advanced auditing