Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security. To increase employee productivity, it may make sense to deploy replicas of certain applications like Active Directory Domain Controllers or file servers in a branch office. But with limited — if any — IT resources at the remote location, how…

0

How to deploy a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, dedicated for user productivity workload. It is typically joined to your org production domain. You…


PAW host buildout

Continuing with the PAW series, in this blog post, I’d like to share the details of what we are planning to configure the host. I’d love to hear your thoughts, feedback about the design. For a recap on the PAW overall solution, you can find it in this blog post. The PAW host is designed…


Privileged Access Workstation(PAW)

At Ignite conference last month, Dean and I presented a session on PAW. Originally we were planning to just talk about the concept of PAW and how it is deployed in Microsoft. A week before the conference, we decide to share our early design based on the Windows 10 1709 release, so that we can…


Frequently Asked Questions About HGS Certificates

The Host Guardian Service uses public key cryptography extensively to protect shielded VMs from attackers. Any time certificates with public-private key pairs come into play, there are bound to be many questions about how to properly set up and protect those certificates. This blog hopes to clarify the most common questions our team is asked…

0

Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10), but do not have an environment to try it out, here is a lab environment we built for you to play. Lab access The link will lead you to a sign up page, after that, you will see the following…


Leverage PowerShell Just Enough Administration for your Helpdesk

[Today’s guest post was authored by Dan Cuomo based on a real-world application of JEA] Hi Folks — Platforms PFE Dan Cuomo here to talk about one method to enable the use of Just Enough Administration for your helpdesk administrators. If you’re security conscious, you’re no doubt in a constant struggle to try and lower the…

2

Rest easy with regulatory compliance in Windows Server 2016

[This blog post was originally published at: https://blogs.technet.microsoft.com/hybridcloud/2017/04/11/rest-easy-with-regulatory-compliance-in-windows-server-2016/] Last month we learned that Windows Server 2016 has achieved Common Criteria certification for the General Purpose OS protection profile. This international standard is especially important for our customers in the public sector, where Common Criteria certification is highly recommended or even required. That’s why Microsoft has…


Shielded VMs – additional considerations when running a guarded fabric

So you’ve deployed a guarded fabric and your VMs are running happily.  Having now reached that perfect steady state, let’s have a look at the operational and administrative differences relative to a regular fabric.  The purpose of this blog isn’t to exhaustively walk you through some mundane day-to-day set of administrative or operational duties, rather, I…

1

Shielded VMs: A conceptual review of the components and steps necessary to deploy a guarded fabric

[This post was authored by Dean Wells, Principal Program Manager on the Windows Server team] If you’re anything like me, you probably find it immensely helpful having an end-to-end conceptual view of what you’re doing before actually doing it–that’s the purpose of this blog. Deploying a guarded fabric involves several new concepts so, in this…

0