top of page


Securing Windows Server environments leveraging the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric.

  • Manage certificates

    • Manage certificate templates

    • Implement and manage certificate deployment, validation, and revocation

    • Configure and manage key archival and recovery 

  • Install and configure AD FS

    • Examine AD FS requirements

    • Install the AD FS server role

    • Configure the AD FS server role

    • Implement claims-based authentication, including relying party trusts

    • Configure authentication policies Implement and configure device registration

    • Configure for use with Microsoft Azure and Microsoft Office 365

    • Configure AD FS to enable authentication of users stored in LDAP directories

    •  Upgrade and migrate previous AD FS workloads to Windows Server 2016

  • Implement Web Application Proxy

    • Install and configure Web Application Proxy

    • Integrate Web Application Proxy with AD FS

    • Implement Web Application Proxy in pass-through mode

    •  Publish Remote Desktop Gateway applications

  • Install and configure AD RMS

    • Deploy AD RMS server

    • Manage rights policy templates

    • Configure exclusion policies

    • Backup and restore AD RMS 

  • Implement server hardening solutions 

    • Configure disk and file encryption

    • Implement malware protection

    • Protect credentials

      1.  implement Credential Guard 

      2. configure Credential Guard using Group Policy

    • Create security baselines

      1.  Install and configure Microsoft Security Compliance Toolkit

      2.  create, view, and import security baselines

      3. deploy configurations to domain and non-domain joined servers

  • Secure a Virtualization Infrastructure 

    • Implement a Guarded Fabric solution

      1.  Install and configure the Host Guardian Service (HGS)

      2.  configure Admin-trusted attestation

      3. configure TPM-trusted attestation

      4. configure the Key Protection Service using HGS

      5. migrate Shielded VMs to other guarded hosts

    • Implement Shielded and encryption-supported VMs

      1. Determine requirements and scenarios for implementing Shielded VMs

      2. create a shielded VM using only a Hyper-V environment

      3. enable and configure vTPM to allow an operating system and data disk encryption within a VM

      4. determine requirements and scenarios for implementing encryption-supported VM

  • Secure a network infrastructure 

    • Configure Windows Firewall

    • Implement a Software Defined Datacenter Firewall

    • Secure network traffic

  •  Manage Privileged Identities

    • Implement Just-In-Time Administration

    • Implement Just-Enough-Administration 

    • Implement Privileged Access Workstations and User Rights Assignments

    • Implement Local Administrator Password Solution 

  • Implement threat detection solutions 

    • Configure advanced audit policies

    • Install and configure Microsoft Advanced Threat Analytics

    • Determine threat detection solutions using Operations Management Suite



bottom of page