top of page
peckdevlogo.png

DEVELOPING FOR  
DYNAMIC SYSTEMS

Securing Windows Server environments leveraging the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric.

  • Manage certificates

    • Manage certificate templates

    • Implement and manage certificate deployment, validation, and revocation

    • Configure and manage key archival and recovery 

  • Install and configure AD FS

    • Examine AD FS requirements

    • Install the AD FS server role

    • Configure the AD FS server role

    • Implement claims-based authentication, including relying party trusts

    • Configure authentication policies Implement and configure device registration

    • Configure for use with Microsoft Azure and Microsoft Office 365

    • Configure AD FS to enable authentication of users stored in LDAP directories

    •  Upgrade and migrate previous AD FS workloads to Windows Server 2016

  • Implement Web Application Proxy

    • Install and configure Web Application Proxy

    • Integrate Web Application Proxy with AD FS

    • Implement Web Application Proxy in pass-through mode

    •  Publish Remote Desktop Gateway applications

  • Install and configure AD RMS

    • Deploy AD RMS server

    • Manage rights policy templates

    • Configure exclusion policies

    • Backup and restore AD RMS 

  • Implement server hardening solutions 

    • Configure disk and file encryption

    • Implement malware protection

    • Protect credentials

      1.  implement Credential Guard 

      2. configure Credential Guard using Group Policy

    • Create security baselines

      1.  Install and configure Microsoft Security Compliance Toolkit

      2.  create, view, and import security baselines

      3. deploy configurations to domain and non-domain joined servers

  • Secure a Virtualization Infrastructure 

    • Implement a Guarded Fabric solution

      1.  Install and configure the Host Guardian Service (HGS)

      2.  configure Admin-trusted attestation

      3. configure TPM-trusted attestation

      4. configure the Key Protection Service using HGS

      5. migrate Shielded VMs to other guarded hosts

    • Implement Shielded and encryption-supported VMs

      1. Determine requirements and scenarios for implementing Shielded VMs

      2. create a shielded VM using only a Hyper-V environment

      3. enable and configure vTPM to allow an operating system and data disk encryption within a VM

      4. determine requirements and scenarios for implementing encryption-supported VM

  • Secure a network infrastructure 

    • Configure Windows Firewall

    • Implement a Software Defined Datacenter Firewall

    • Secure network traffic

  •  Manage Privileged Identities

    • Implement Just-In-Time Administration

    • Implement Just-Enough-Administration 

    • Implement Privileged Access Workstations and User Rights Assignments

    • Implement Local Administrator Password Solution 

  • Implement threat detection solutions 

    • Configure advanced audit policies

    • Install and configure Microsoft Advanced Threat Analytics

    • Determine threat detection solutions using Operations Management Suite

SECURING%20WORKLOADS2_edited.jpg

SECURING WORKLOADS
 

bottom of page