Hybrid Cloud Blog


We designed Windows Server 2016 from an “assume breach” posture. Yes, we want to build the most secure servers, and we have taken some giant steps forward when it comes to breach resistance, but we have also built in some new capabilities to mitigate the risk of breaches when they do happen.

Two new Microsoft Virtual Academy courses will teach you how to use new capabilities in Windows Server 2016 to protect virtual machines, and to mitigate the risk of breaches when they do happen:

  • Windows Server 2016 Breach Resistance for Your Operating System and Applications: Look at common attack timelines and scenarios, along with attacker access. Explore the concept of extending the time between an attacker’s initial breach and when they take control of an organization, giving data security professionals time to detect, respond, and root out the intruder. See how to protect against pass-the-hash attacks using Credential Guard, how to lock down your server using Device Guard, and how you can better detect and investigate threats using new audit events that are triggered by malicious activity.
  • Deploying Shielded VMs in a Windows Server 2016 Guarded Fabric: Start with a look at the Host Guardian Service (HGS), and then learn to configure Trusted Platform Module–based (TPM-based) attestation on the Hyper-V host. Create baseline security policies and Hypervisor-enforced Code Integrity policies, and configure HGS to attest to them. Plus, get the details on signing trustworthy template disks, creating shielding data, and deploying Shielded VMs.

Attackers can get inside your organization in multiple ways, burrow deeper before detection, and eventually take control. Windows Server 2016 helps protect administrative credentials, protect the applications running on devices, and detect when something bad is happening so you stop it faster.

To learn more, check out these two Microsoft Virtual Academy courses today. They are both free and each one runs about one hour in length.