Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10), but do not have an environment to try it out, here is a lab environment we built for you to play. Lab access The link will lead you to a sign up page, after that, you will see the following…


Why you should not enable Credential Guard on Domain Controllers?

Credential guard protects the credential derivatives like NTLM hash and Kerberos tickets; this TechNet article has a very detailed explanation as well as deployment guidelines. There was a recent change in this article to call out the following: Warning Enabling Credential Guard on domain controllers is not supported. The domain controller hosts authentication services which…


Use Windows Server 2016 to secure a jump server

When talking to customers about the security features in Windows Server 2016, a common question keeps coming up, how do I secure my jump server? Recently, I worked with a Microsoft internal team to deploy Windows Server 2016 on their jump server; I thought it is a good use case to share. Why is it…


Windows Server 2016 security auditing for enhanced threat detection

Windows Server 2016 includes new audit events to help with early detection of malicious activity in your datacenter. You can find the complete list of the events from this reference paper, and new events in Windows Server 2016 here under the Security auditing section. In this blog post, I would like to highlight a few…


Overview of Device Guard in Windows Server 2016

With thousands of new malware released every day, it may not be sufficient to only use signature-based detection to fight against malware. Device Guard on Windows Server 2016 changes from a mode where apps are trusted unless blocked by an antivirus or other security solution, to a mode where the operating system trusts only apps…


Securing Privileged Access – A practical approach

Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an organization depends on the integrity of the privileged accounts that administer and manage IT systems. Cyber-attackers are targeting these accounts and other elements of privileged access…