Some time back I wrote about doing Visual Studio development with an Azure Virtual Machine (VM). In that article, I showed how you can setup a Windows VM for Development purposes to extend your local development machine with the help of the cloud. In this article, I want to share some tips I’ve found in how to setup a Linux VM in Azure that you can use for similar purposes. Read More
Server and Virtual Machine (VM) security is an increasingly important topic in IT. With the adoption of both Public and Private Cloud environments the landscape of server security has been changing as systems become increasingly connected; especially across networks and even the Internet. The Securing Windows Server 2016 (70-744) certification exam will test and measure your expertise in securing and hardening server and VMs running Windows Server 2016; whether their on-premises, or in Public or Private Cloud environments.
Certification Target Audience
The focus on the Securing Windows Server 2016 (70-744) certification exam is centered around Windows Server 2016 Security; such as hardening server environments, securing Virtual Machine infrastructure using Shielded and encryption-supported VMs and Guarded Fabric. The exam is designed to target candidates who are IT Pros and infrastructure professionals that are tasked with configuring and securing Windows Server 2016 environments On-Premises and in Virtual Machine (VM) environments including both the Public and Private Cloud.
Here is a high level list of the skills and objectives measured on this exam. The percentages next to each of the high level objectives represents the percentage of exam questions that will be targeted towards that specific objective area.
- Implement disk and file encryption (25-30%)
- Configure disk and file encryption
- Implement server patching and updating solutions
- Implement malware protection
- Protect credentials
- Create security baselines
- Secure a virtualization infrastructure (5-10%)
- Implement a Guarded Fabric solutions
- Implement Shielded and encryption-supported VMs
- Secure a network infrastructure (10-15%)
- Configure Windows Firewall
- Implement a software-defined Distributed Firewall
- Secure network traffic
- Manage privileged identities (25-30%)
- Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
- Implement Just-in-Time (JIT) Administration
- Implement Just-Enough-Administration (JEA)
- Implement Privileged Access Workstations (PAWs) and User Rights Assignments
- Implement Local Administrator Password Solution (LAPS)
- Implement threat detection solutions (15-20%)
- Configure advanced audit policies
- Install and configure Microsoft Advanced Threat Analytics (ATA)
- Determine threat detection solutions using Operations Management Suite (OMS)
- Implement workload-specific security (5-10%)
- Secure application development and server workload infrastructure
- Implement a secure file services infrastructure and Dynamic Access Control (DAC)
When studying for this exam, you’ll definitely want to look at the official exam page from Microsoft for the full list of exam objectives. You’ll need to be sure to study every one of them that will be measured on the exam.
The Securing Windows Server 2016 (70-744) exam covers a lot of smaller objective areas in comparison to many other certification exams. There are a lot of topic areas to study around Security Windows Server 2016! Fortunately there is an Exam Reference book available from Microsoft Press targeted towards studying for this specific exam.
Here’s a short description of the Exam Reference book:
Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.
Focus on the expertise measured by these objectives:
- Implement server hardening solutions
- Secure a virtualization infrastructure
- Secure a network infrastructure
- Manage privileged identities
- Implement threat detection solutions
- Implement workload-specific security
This Microsoft Exam Ref:
- Organizes its coverage by exam objectives
- Features strategic, what-if scenarios to challenge you
- Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles
There are many different Virtual Machine (VM) images available in the Azure Marketplace. Just login to the Azure Portal, search the Azure Marketplace for the VM image you need, and create it on your subscription. This is the easiest way to setup a VM that you can then remote into without needing to setup any hardware. Plus, when you’re done you can just delete it. Read More
At the heart of the Microsoft Cloud are servers, networks, Internet connections, and much, much more! These data centers share a lot of qualities with traditional Enterprise data centers; such as fire suppression, humidity control, temperature control and more.
One major difference between the traditional Enterprise data center is that Microsoft uses Containers (called ITPACs) to build out it’s data centers. These Containers are Shipping Containers fitted with all the necessary climate control, networking, server racks and other hardware necessary to be a “mini” data center all in one. Then many of these are connected together within on of Microsoft’s Azure data centers to build out the full data centers. Read More