- Secure Windows Server.
- Secure application development and a server workload infrastructure.
- Manage security baselines.
- Configure and manage just enough and just-in-time (JIT) administration.
- Manage data security.
- Configure Windows Firewall and a software-defined distributed firewall.
- Secure network traffic.
- Secure your virtualization infrastructure.
- Manage malware and threats.
- Configure advanced auditing.
- Manage software updates.
- Manage threats by using Advanced Threat Analytics (ATA) and Microsoft Operations Management Suite (OMS).
Module 1: Breach detection and using the Sysinternals tools
- Overview of breach detection
- Using the Sysinternals tools to detect breaches
Lab : Basic breach detection and incident response strategies
- Identifying attack types
- Using incident-response strategies
- Exploring the Sysinternals tools
Module 2: Protecting credentials and privileged access
- Understanding user rights
- Computer and service accounts
- Protecting credentials
- Understanding privileged-access workstations and jump servers
- Deploying a local administrator-password solution
Lab : User rights, security options, and group-managed service accounts
- Configuring security options
- Configuring restricted groups
- Delegating privileges
- Creating and managing group managed service accounts (MSAs)
- Configuring the Credential Guard feature
- Locating problematic accounts
Lab : Configuring and deploying LAPs
- Installing local administrator password solution (LAPs)
- Configuring LAPs
- Deploying LAPs
Module 3: Limiting administrator rights with Just Enough Administration
- Understanding JEA
- Configuring and deploying JEA
Lab : Limiting administrator privileges by using JEA
- Creating a role-capability file
- Creating a session-configuration file
- Creating a JEA endpoint
- Connecting to a JEA endpoint
- Deploying JEA by using Desire State Configuration (DSC)
Module 4: Privileged Access Management and administrative forests
- Understanding ESAE forests
- Overview of MIM
- Implementing JIT and Privileged Access Management by using MIM
Lab : Limiting administrator privileges by using Privileged Access Management
- Using a layered approach to security
- Exploring MIM
- Configuring a MIM web portal
- Configuring the Privileged Access feature
- Requesting privileged access
Module 5: Mitigating malware and threats
- Configuring and managing Windows Defender
- Using software restricting policies (SRPs) and AppLocker
- Configuring and using Device Guard
- Using and deploying the Enhanced Mitigation Experience Toolkit
Lab : Securing applications by using AppLocker, Windows Defender, Device Guard Rules, and the EMET.
- Configuring Windows Defender
- Configuring AppLocker
- Configuring and deploying Device Guard
- Deploying and using EMET
Module 6: Analysing activity by using advanced auditing and log analytics
- Overview of auditing
- Understanding advanced auditing
- Configuring Windows PowerShell auditing and logging
Lab : Configuring encryption and advanced auditing
- Configuring auditing of file-system access
- Auditing domain logons
- Managing the configuration of advanced audit policies
- Windows PowerShell logging and auditing
Module 7: Analysing activity with Microsoft Advanced Threat Analytics feature and Operations Management Suite
- Overview of Advanced Threat Analytics
- Understanding OMS
Lab : Advanced Threat Analytics and Operations Management Suite
- Using ATA and OMS
- Preparing and deploying ATA
- Preparing and deploying OMS
Module 8: Securing your virtualization an infrastructure
- Overview of Guarded Fabric VMs
- Understanding shielded and encryption-supported VMs
Lab : Deploying and using Guarded Fabric with administrator-trusted attestation and shielded VMs
- Deploying Guarded Fabric VMs with administrator-trusted attestation
- Deploying a shielded VM
Module 9: Securing application development and server-workload infrastructure
- Using Security Compliance Manager
- Introduction to Nano Server
- Understanding containers
Lab : Using Security Compliance Manager
- Configuring a security baseline for Windows Server 2016
- Deploying a security baseline for Windows Server 2016
Lab : Deploying and Configuring Nano Server and containers
- Deploying, managing, and securing Nano Server
- Deploying, managing, and securing Windows Server containers
- Deploying, managing, and securing Hyper-V containers
Module 10: Protecting data with encryption
- Planning and implementing encryption
- Planning and implementing BitLocker
Lab : Configuring EFS and BitLocker
- Encrypting and recovering access to encrypted files
- Using BitLocker to protect data
Module 11: Limiting access to file and folders
- Introduction to FSRM
- Implementing classification management and file-management tasks
- Understanding Dynamic Access Control (DAC)
Lab : Configuring quotas and file screening
- Configuring FSRM quotas
- Configuring file screening
Lab : Implementing DAC
- Preparing DAC
- Implementing DAC
Module 12: Using firewalls to control network traffic flow
- Understanding Windows Firewall
- Software-defined distributed firewalls
Lab : Windows Firewall with Advanced Security
- Creating and testing inbound rules
- Creating and testing outbound rules
Module 13: Securing network traffic
- Network-related security threats and connection-security rules
- Configuring advanced DNS settings
- Examining network traffic with Microsoft Message Analyzer
- Securing SMB traffic, and analysing SMB traffic
Lab : Connection security rules and securing DNS
- Creating and testing connection security rules
- Configuring and testing DNSSEC
Lab : Microsoft Message Analyzer and SMB encryption
- Using Microsoft Message Analyzer
- Configuring and verifying SMB encryption on SMB shares
Module 14: Updating Windows Server
- Overview of WSUS
- Deploying updates by using WSUS
Lab : Implementing update management
- Implementing the WSUS server role
- Configuring update settings
- Approving and deploying an update by using WSUS
- Deploying Windows Defender definition updates by using WSUS
- Completado os cursos 20740, 20741 e 20742, ou equivalente.
- Uma compreensão sólida e prática dos fundamentos da rede, incluindo TCP/IP, UDP e DNS.
- Uma compreensão sólida e prática dos princípios do Active Directory Domain Services (AD DS).
- Uma compreensão sólida e prática dos fundamentos de virtualização do Microsoft Hyper-V.
DMOC e Certificado oficial Microsoft.