Datacenter and Private Cloud Security Blog

News and technical content around Windows Server Security and other Datacenter and Private Cloud Security technologies

What is new in Windows 10 1803 for PAW?

In this blog post, I’ll walk you through the new features which are relevant to the PAW solution in...

Author: Jian (Jane) Yan[MSFT] Date: 06/08/2018

Apply Code Integrity Policy without reboot

There is a new Code Integrity policy option introduced in Windows 10, and it is available in Windows...

Author: Jian (Jane) Yan[MSFT] Date: 04/27/2018

Connect to Virtual Machines (VMs) on PAW

Continuing the PAW series, this blog post discusses the options to connect to the VMs running on the...

Author: Jian (Jane) Yan[MSFT] Date: 04/12/2018

Default Code Integrity policy for Windows Server

After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in...

Author: Jian (Jane) Yan[MSFT] Date: 03/10/2018

Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while...

Author: Jian (Jane) Yan[MSFT] Date: 01/05/2018

Building VM template using Assigned Access

Since it took me a couple of attempts to create VM templates for Azure portal management and Remote...

Author: Jian (Jane) Yan[MSFT] Date: 11/30/2017

Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many...

Author: Jian (Jane) Yan[MSFT] Date: 11/29/2017

Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security....

Author: Ryan Puffer Date: 11/15/2017

How to deploy a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you...

Author: Jian (Jane) Yan[MSFT] Date: 11/01/2017

Privileged Access Workstation(PAW)

At Ignite conference last month, Dean and I presented a session on PAW. Originally we were planning...

Author: Jian (Jane) Yan[MSFT] Date: 10/13/2017

Frequently Asked Questions About HGS Certificates

The Host Guardian Service uses public key cryptography extensively to protect shielded VMs from...

Author: Ryan Puffer Date: 10/09/2017

Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10), but do not have...

Author: Jian (Jane) Yan[MSFT] Date: 05/15/2017

Leverage PowerShell Just Enough Administration for your Helpdesk

[Today's guest post was authored by Dan Cuomo based on a real-world application of JEA] Hi Folks --...

Author: Ryan Puffer Date: 04/24/2017

Rest easy with regulatory compliance in Windows Server 2016

[This blog post was originally published at:...

Author: Vinicius Apolinario Date: 04/24/2017

Shielded VMs – additional considerations when running a guarded fabric

So you’ve deployed a guarded fabric and your VMs are running happily.  Having now reached that...

Author: Dean Wells Date: 04/21/2017

Shielded VMs: A conceptual review of the components and steps necessary to deploy a guarded fabric

[This post was authored by Dean Wells, Principal Program Manager on the Windows Server team] If...

Author: Ryan Puffer Date: 03/14/2017

Step by Step: Creating a JEA endpoint for DNS management

Just Enough Administration (JEA) provides a way for administrators to delegate certain admin tasks...

Author: Ryan Puffer Date: 03/07/2017

Join Host Guardian Servers to an existing bastion forest

Shielded VM prevents unauthorized access from the host. To achieve this security assurance, there...

Author: Jian (Jane) Yan[MSFT] Date: 03/07/2017

Why you should not enable Credential Guard on Domain Controllers?

Credential guard protects the credential derivatives like NTLM hash and Kerberos tickets; this...

Author: Jian (Jane) Yan[MSFT] Date: 02/21/2017

Use Windows Server 2016 to secure a jump server

When talking to customers about the security features in Windows Server 2016, a common question...

Author: Jian (Jane) Yan[MSFT] Date: 02/02/2017

Windows Server 2016 security auditing for enhanced threat detection

Windows Server 2016 includes new audit events to help with early detection of malicious activity in...

Author: Jian (Jane) Yan[MSFT] Date: 01/30/2017

Windows Server 2016 security sessions at Microsoft Ignite 2016

If you're going to Ignite next week, you don't want to miss the Windows Server 2016 security...

Author: Vinicius Apolinario Date: 09/22/2016

Overview of Device Guard in Windows Server 2016

With thousands of new malware released every day, it may not be sufficient to only use...

Author: Jian (Jane) Yan[MSFT] Date: 09/20/2016

Step by Step: Shielding existing VMs without VMM

Continuing on the topic of Shielded VMs from my last blog on creating shielded VMs, this blogpost...

Author: Jian (Jane) Yan[MSFT] Date: 09/01/2016

Reduce the number of admins on your servers with Just Enough Administration

Least Privilege As part of your information security strategy, you are probably familiar with the...

Author: Ryan Puffer Date: 08/29/2016

Host Guardian Service - AD-based vs. TPM-based attestation

[This post is authored by Dean Wells, Principal Program Manager for the Windows Server Security...

Author: Vinicius Apolinario Date: 08/16/2016

Step-by-step: Quick reference guide to deploying guarded hosts

My original blog post on the topic of deploying Shielded VMs without VMM included the instructions...

Author: Jian (Jane) Yan[MSFT] Date: 06/08/2016

Step by Step - Shielded VM Recovery

Shielded VMs protect the data and state of a Virtual Machine against inspection, theft and tampering...

Author: Jian (Jane) Yan[MSFT] Date: 06/07/2016

A closer look at shielded VMs in Windows Server 2016

[This blog post was originally published in the Windows Server Blog] This post was authored by Jeff...

Author: Vinicius Apolinario Date: 05/10/2016

Overview of Host Guardian Service (HGS) Diagnostics

[This post is authored by Jim Hughes, Software Engineer for the Windows Server Team] The Host...

Author: Vinicius Apolinario Date: 05/04/2016

Step by Step - Configuring Key Protection for the Host Guardian Service in Windows Server 2016

[This post is authored by Sumesh Kumar, Program Manager for the Enterprise and Security Product...

Author: Vinicius Apolinario Date: 03/28/2016

Step by Step - Creating Shielded VMs

[This post is authored by Dean Wells, Principal Program Manager for the Windows Server Security...

Author: Vinicius Apolinario Date: 03/23/2016

Step by Step - Configuring Guarded Hosts with Virtual Machine Manager 2016

[This post is authored by John Patterson, Program Manager for the System Center Product Team] In...

Author: Vinicius Apolinario Date: 03/21/2016

Step by Step - Configuring the Host Guardian Service in Windows Server 2016

For the most up-to-date installation instructions, check out our official documentation at...

Author: Vinicius Apolinario Date: 03/16/2016

What are Shielded VMs in Windows Server 2016 Hyper-V?

As Information Technology became the norm, companies have been forced to invest tremendous amounts...

Author: Vinicius Apolinario Date: 03/14/2016

Check us out on YouTube!

In addition to the newly created Datacenter and Private Cloud Security Blog, the team is publishing...

Author: Vinicius Apolinario Date: 02/24/2016

Securing Privileged Access - A practical approach

Securing privileged access is a critical first step to establishing security assurances for business...

Author: Vinicius Apolinario Date: 02/23/2016

Private Cloud Security at the RSA Conference

The RSA Conference takes place next week from Feb-29th to Mar-04th in San Francisco and Microsoft...

Author: Vinicius Apolinario Date: 02/22/2016