Chapter 12: Keeping Your Windows Server Secure
In this chapter, we will discuss best-practice recommendations for hardening Windows Server. We will review the available Windows Server versions, cover new security features in Windows Server 2022, and discuss the built-in roles and features that add functionality to server deployments. Next, we will cover onboarding Windows Server into Microsoft Defender for Endpoint to enable endpoint detection and response (EDR) capabilities and deploy Windows Defender security baselines. Then, we will review deploying security updates with Windows Server Update Services (WSUS) and Azure Automation Update Management. Keeping servers updated with the latest patches and virus definitions could be considered by many the number 1 recommendation for overall hardening. It also requires the most operational overhead, and these two technologies are foundational in that regard.
Next, we will cover the security controls on Windows Server by implementing...