Building VM template using Assigned Access

Since it took me a couple of attempts to create VM templates for Azure portal management and Remote Desktop (in order to make them available for the TAP evaluation), I thought it best to share the process, so you can build your own customized image. My goal is to create a PAW VM that offers…


Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many questions are related to shielded VMs so I’d like to focus this blog post on sharing our reasoning for building the PAW solution on shielded VMs. Running virtual machines (VMs) on Windows client is not new, but running…


Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security. To increase employee productivity, it may make sense to deploy replicas of certain applications like Active Directory Domain Controllers or file servers in a branch office. But with limited — if any — IT resources at the remote location, how…


How to deploy a VM template for PAW

Continuing with the PAW series, after you have followed the previous blog post to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, dedicated to user productivity workloads. It is typically joined to your org production domain. You…


PAW host buildout

Continuing with the PAW series, in this blog post, I’d like to share the details of how we are planning to configure the host. I’d love to hear your thoughts and feedback about the design. For a recap on the PAW overall solution, you can find it in this blog post. The PAW host is designed…


Privileged Access Workstation (PAW)

At the Ignite conference last month, Dean and I presented a session on PAW. Originally we were planning to just talk about the concept of PAW and how it is deployed in Microsoft. A week before the conference, we decided to share our early design based on the Windows 10 1709 release, so that we can…


Frequently Asked Questions About HGS Certificates

The Host Guardian Service uses public key cryptography extensively to protect shielded VMs from attackers. Any time certificates with public-private key pairs come into play, there are bound to be many questions about how to properly set up and protect those certificates. This blog hopes to clarify the most common questions our team is asked…


Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10), but do not have an environment to try it out, here is a lab environment we built for you to play with. Lab access: The link will lead you to a sign-up page. After that, you will see the following…


Leverage PowerShell Just Enough Administration for your Helpdesk

[Today’s guest post was authored by Dan Cuomo based on a real-world application of JEA] Hi Folks — Platforms PFE Dan Cuomo here to talk about one method to enable the use of Just Enough Administration for your helpdesk administrators. If you’re security conscious, you’re no doubt in a constant struggle to try and lower the…


Rest easy with regulatory compliance in Windows Server 2016

[This blog post was originally published at: https://blogs.technet.microsoft.com/hybridcloud/2017/04/11/rest-easy-with-regulatory-compliance-in-windows-server-2016/] Last month we learned that Windows Server 2016 has achieved Common Criteria certification for the General Purpose OS protection profile. This international standard is especially important for our customers in the public sector, where Common Criteria certification is highly recommended or even required. That’s why Microsoft has…