Table of Contents

Preface

Part 1: Getting Started and Fundamentals

Chapter 1: Fundamentals of Windows Security

Understanding the security transformation

Living in today’s digital world

Today’s threats

Ransomware preparedness

Identifying vulnerabilities

Recognizing breaches

Current security challenges

Focusing on zero trust

Summary

Chapter 2: Building a Baseline

Overview of baselining

Introduction to policies, standards, procedures, and guidelines

Defining policies

Setting standards

Creating procedures

Recommending guidelines

Incorporating change management

Implementing a security framework

Building baseline controls

CIS

Windows security baselines

Comparing policies with Policy Analyzer

Intune's security baselines

Incorporating best practices

Summary

Chapter 3: Hardware and Virtualization

Technical requirements

Physical servers and virtualization

Microsoft virtualization

Hardware security concerns

Virtualization security concerns

Cloud hardware and virtualization

Introduction to hardware certification

The firmware interface, TPM, and Secure Boot

Protecting the BIOS

Understanding UEFI

UEFI Secure Boot

TPM (TPM 2.0)

Isolated protection with VBS

Windows Defender Credential Guard

HVCI

Microsoft Defender Application Guard

Windows Defender System Guard

Kernel DMA Protection

Protecting data from lost or stolen devices

Secure Memory Encryption (AMD)

Total Memory Encryption (Intel TME)

Hardware security recommendations and best practices

Summary

Chapter 4: Networking Fundamentals for Hardening Windows

Technical requirements

Network security fundamentals

Understanding Windows network security

Network baselining

Windows clients

Windows Server

Networking and Hyper-V

Network troubleshooting

Windows Defender Firewall and Advanced Security

Configuring a firewall rule with Group Policy

Web protection features in Microsoft Defender for Endpoint

Using custom indicators

Web content filtering

Blocking connections with network protection

Introducing Azure network security

Controlling traffic with NSGs

Connecting privately and securely to Azure services

Protecting Windows workloads in Azure

Summary

Chapter 5: Identity and Access Management

Technical requirements

Identity and access management overview

Identity

Authentication

Authorization

Accountability

Implementing account and access management

HR and identity management

Integrating directory services

Managing Azure external user access (B2B)

Understanding the Azure cloud administrative roles

Implementing privileged access security tools (PIM, PAM, and JIT)

Securing local administrative accounts

Understanding authentication, MFA, and going passwordless

Securing your passwords

Enabling SSPR

Authenticating with Azure AD from Windows

Enabling SSO for apps with an Azure identity

Configuring MFA

Transitioning to passwordless authentication

Passwordless authentication using Windows Hello

Using Conditional Access and Identity Protection

Enabling Azure AD Conditional Access

Configuring Azure AD Identity Protection

Summary

Part 2: Applying Security and Hardening

Chapter 6: Administration and Policy Management

Technical requirements

Understanding device administration

Device management evolution

Differences between domain join, hybrid, and Azure AD-joined devices

Managing devices with Configuration Manager

Client collections, settings, and communications

Securely deploying clients for Configuration Manager

Connecting to the Azure cloud and Intune co-management

Managing policies and baselines in Configuration Manager

Querying devices with CMPivot

Managing devices with Intune

CSP

MDM versus MAM

Using Intune and Microsoft Endpoint Manager

Managing policies and baselines in Intune

Administering a security baseline

Deploying managed configurations

Summary

Chapter 7: Deploying Windows Securely

Technical requirements

Device provisioning and upgrading Windows

Upgrading Windows

Backing up user data and settings

Building hardened Windows images

Windows ADK

Windows Configuration Designer (WCD)

Using MDT to build custom images

Deploying images with WDS

MDT and Configuration Manager

Provisioning devices with Windows Autopilot

Deployment scenarios

Registering devices with the Autopilot service

Configuring an Autopilot profile

Deploying images to Azure Virtual Desktop

Managing hosts in AVD

Building a master image

Replication with Azure Compute Gallery

Deploying images in Azure

Deploying Windows 365 Cloud PC

Deploying customized or gallery images

Provisioning policies for Cloud PC

Accessing Windows 365 Cloud PCs

Summary

Chapter 8: Keeping Your Windows Client Secure

Technical requirements

Securing your Windows clients

Staying updated with Windows Update for Business

Planning for deployment

Configuring update rings for Windows clients

Pausing update deployments

Managing feature updates and expedited quality updates

Using delivery optimization

Enforcing policies and configurations

Creating security baselines in Configuration Manager

Deploying MDM policies in Intune

Controlling policy conflicts with MDM

Managing Azure AD local device administrators

Enabling BitLocker to prevent data theft

Configuring BitLocker with Intune

Viewing BitLocker recovery keys

Going passwordless with Windows Hello for Business

Enabling Windows Hello for Business

Configuring a device compliance policy

Deploying Windows Security Baselines

Building a GPO using Microsoft Security Baselines

Reviewing CIS recommendations

Converting a GPO into a Configuration Baseline

Deploying security baselines with Intune

Configuring Windows Security features

Configuring a Defender Antivirus baseline

Account protection features

Firewall and network protection

App and browser control

Device security

Setting the Windows Security experience

Summary

Chapter 9: Advanced Hardening for Windows Clients

Technical requirements

Securing enterprise web browsers

Configuring a Microsoft Edge security baseline

Configuring a Google Chrome security baseline

Securing Microsoft 365 apps

Building a security baseline for M365 apps

Advanced protection features with Microsoft Defender

Defense evasion with tamper protection

Protecting against untrusted applications and websites

Reducing the attack surface

Zero trust with Application Guard

Protecting devices with a removable storage access control policy

Summary

Chapter 10: Mitigating Common Attack Vectors

Technical requirements

Preventing an Adversary-in-the-Middle attack

LLMNR

NBT-NS

mDNS

The WPAD protocol

NTLM relay attacks

Preventing IPv6 DNS spoofing

ARP cache poisoning

Protecting against lateral movement and privilege escalation

Preventing resources from being enumerated

Protecting Kerberos tickets

Mitigating OS credential dumping

Preventing user access to the registry

Windows privacy settings

Controlling application privacy permissions

Additional privacy settings

Summary

Chapter 11: Server Infrastructure Management

Technical requirements

Overview of the data center and the cloud (IaaS, PaaS, and SaaS)

Types of data center

Implementing access management in Windows servers

Physical and user access security

Using a tiered model for privileged access

Privileged access strategy

Understanding privileged account management

Access management best practices

Understanding Windows Server management tools

Introducing Server Manager

Looking at Event Viewer

Using WSUS

Introducing Windows Admin Center

Using Azure services to manage Windows servers

The Azure portal and Marketplace

ARM

Implementing RBAC

Using Azure Backup

Leveraging ASR

Introducing Azure Update Management

Understanding Azure Arc

Using Azure Automanage

Connecting securely to Windows servers remotely

Remote management and support tools

Using Microsoft Defender for Cloud JIT access

Connecting with Azure Bastion

Summary

Chapter 12: Keeping Your Windows Server Secure

Technical requirements

Windows Server versions

Security roles in Windows Server

Reducing the Windows Server footprint

Enabling features on Server Core 2022

Configuring Windows updates

Implementing WSUS

Implementing Azure Automation Update Management

Configuring Windows Defender

Connecting to Microsoft Defender for Endpoint

Windows Defender security baseline

Hardening Windows Server

Implementing a security baseline

Hardening tips for Windows Server

Account controls for Windows Server

Securing the logon and authentication process

Enabling Disk Encryption to prevent data theft

Deploying application control policies using WDAC

Implementing PowerShell security

Configuring PowerShell logging

Enabling PowerShell constrained language mode

PowerShell script execution

JEA

Summary

Part 3: Protecting, Detecting, and Responding for Windows Environments

Chapter 13: Security Monitoring and Reporting

Technical requirements

MDE features

The Threat analytics dashboard

The TVM dashboard

Device Inventory dashboard

Device health and compliance

Software inventory report

Security recommendations

Identifying weakness

Reviewing advanced features

Configuring API connectors

Onboarding Windows clients into MDE

Configuring the Microsoft Intune connection

Creating an EDR policy

Creating a machine risk compliance policy

Collecting telemetry with Azure Monitor Logs

Onboarding Windows Servers to Log Analytics

Onboarding Windows clients to Log Analytics

Monitoring solutions and Azure Workbooks

Monitoring with Azure Monitor and activity logs

Secure access to Azure Monitor

Monitoring Azure activity logs

Creating Azure Workbooks

Azure Service Health

Overview of Microsoft Defender for Cloud

Reporting in MEM

Security-focused reports in MEM

Enable Windows Health Monitoring

Using Endpoint analytics

Collecting client-side diagnostic logs

Monitoring update deployments

Reporting in Microsoft Endpoint Configuration Manager

Monitoring the health and update status of Office apps

Microsoft 365 Apps health dashboard

Monitoring Security Update Status

Viewing the Office Inventory report

Servicing Office apps

Summary

Chapter 14: Security Operations

Technical requirements

Introducing the SOC

Understanding XDR

Using the M365 Defender portal

Improving security posture with Microsoft Secure Score

Security operations with MDE

Role-based access control in MDE

Reviewing incidents and alerts

Automated investigations

Using advanced hunting

Tracking remediation requests

Investigating threats with Defender for Cloud

Enabling Azure-native SIEM with Microsoft Sentinel

Creating the connection

Protecting apps with MDCA

Connecting apps to MDCA

Discovery

Investigate

Configuring policies and controls

Monitoring hybrid environments with MDI

Planning for MDI

Activating your instance

Identifying attack techniques

Looking at the attack timeline

Data protection with M365

Using Microsoft Purview Information Protection

An overview of DLP

WIP

Planning for business continuity

Learning DRP

The importance of a CIRP

Summary

Chapter 15: Testing and Auditing

Technical requirements

Validating security controls

Audit types

SOC reports

Vendor risk management

The Microsoft Service Trust Portal

Microsoft Defender for Cloud regulatory compliance

Microsoft ODA

Other validations

Vulnerability scanning overview

An introduction to vulnerability scanning

Vulnerability scanning with Microsoft Defender for Cloud

The Microsoft 365 Defender portal

Planning for penetration testing

Executing a penetration test

Reviewing the findings

An insight into security awareness, training, and testing

Using attack simulation training with Microsoft 365 Defender

Executing a tabletop exercise

Summary

Chapter 16: Top 10 Recommendations and the Future

The 10 most important to-do's

Implementing identity protection and privileged access

Enact a Zero Trust access model

Define a security framework

Get current and stay current

Make use of modern management tools

Certify your physical hardware devices

Administer network security

Always encrypt your devices

Enable XDR protection beyond EDR

Deploy security monitoring solutions

Notable mentions

The future of device security and management

Security and the future

Summary

Other Books You May Enjoy
