Preface

Throughout this book, you will be provided with the knowledge needed to protect your Windows environment and the users that access it. The book will cover a variety of topics that go beyond the hardening of just the operating system to include the management of devices, baselining, hardware, virtualization, networking, identity management, security operations, monitoring, auditing, and testing. The goal is to ensure that you understand the foundation of, and multiple layers involved in, providing improved protection for your Windows systems.

Since this book focuses on security, it's important to understand the core principles that form an information security model. These principles are known as the CIA triad, which stands for confidentiality, integrity, and availability. If you have pursued a security certification, such as the CISSP or Security+ certifications, you will be very familiar with this model. If not, it is recommended that you familiarize yourself with it as a security professional. This book will not go into detail about the CIA triad, but the concepts provided in this book will support the foundation of ensuring the confidentiality, integrity, and availability of information on the Windows systems you manage. At a high level, CIA means the following:

  • Confidentiality involves ensuring that only those who are authorized can access information.
  • Integrity involves ensuring that the information being protected is original and has not been modified without the correct authorization.
  • Availability involves ensuring that information is always available when access is needed.

This book is split into three sections to help guide you and provide the understanding and knowledge that's needed to implement a solid Windows security foundation within your organization. The first section covers getting started and the foundations of Windows security. The second section focuses on applying security and hardening, and the third section covers how to protect, detect, and respond within Windows environments.

Who this book is for

This book is intended to educate the technical and security community, which includes the following roles:

  • Microsoft security, cloud, and technical roles, such as engineers, analysts, architects, and administrators
  • Anyone involved in the management of a Windows environment
  • All technical-related security roles
  • Technical/security managers and directors

What this book covers

Chapter 1, Fundamentals of Windows Security, introduces the security world within IT and the enterprise. It covers how security is transforming the way we manage technology and discusses threats and breaches. We will look at the challenges organizations currently face and discuss a concept known as zero trust.

Chapter 2, Building a Baseline, provides an overview of baselining and the importance of building a standard that's approved by leadership and adopted by everyone. We will cover what frameworks are and provide an overview of the more common frameworks used in securing and hardening an environment. We will then look at operational best practices within enterprises and cover the importance of change management to ensure that anything that falls outside the scope of policy receives the correct approvals.

Chapter 3, Hardware and Virtualization, provides an overview of physical servers and virtualization. The chapter will cover hardware certification, enhancements in hardware security, and virtualization-based security concepts to secure and harden devices, including overviews of BIOS, UEFI, TPM 2.0, and Secure Boot.

Chapter 4, Networking Fundamentals for Hardening Windows, provides an overview of networking components and their role in hardening and securing your Windows environment. You will learn about the software-based Windows Defender Firewall and how to configure it on Windows devices. Additionally, you will be provided with knowledge of network security technology from Microsoft as it relates to Windows VMs running in Azure.

Chapter 5, Identity and Access Management, provides a comprehensive overview of identity management and the importance it plays in securing Windows systems. Identity has become the foundation of securing users – this chapter will cover everything you need to do within the identity and access management area. We will provide details on account and access management, authentication, MFA, passwordless authentication, conditional-based access controls, and identity protection.

Chapter 6, Administration and Policy Management, provides details about different methods for the administration and modern management of Windows endpoints. You will be provided with the knowledge needed to ensure best practices are applied, looking at topics around enforcing policies and security baselines with Configuration Manager and Intune.

Chapter 7, Deploying Windows Securely, provides an overview of the end user computing landscape. We will discuss device provisioning, upgrading Windows, and building hardening images. You will learn about modern methods used to deploy Windows using Intune and Windows Autopilot and deploying images in virtualized Windows environments.

Chapter 8, Keeping Your Windows Client Secure, covers Windows clients and the concepts used to keep them secure and updated. You will learn how to stay updated with Windows Update for Business, protect data with BitLocker encryption, enable passwordless sign-in with Windows Hello for Business, and enforce policies, configurations, and security baselines.

Chapter 9, Advanced Hardening for Windows Clients, provides a comprehensive review of advanced hardening configurations that are applied to Windows clients to protect enterprise browsers, secure Microsoft 365 apps, and apply zero-trust security principles to reduce the attack surface. You will learn advanced techniques for applying policies to third-party products using Intune, how to enable advanced features of Microsoft Defender to protect against unwanted apps and ransomware, and how to enable hardware-based virtualized isolation for Microsoft Edge and Office. You will also learn how to enable a removable storage access control policy to protect against data loss with removable media.

Chapter 10, Mitigating Common Attack Vectors, covers common attack techniques used by attackers to intercept communications and try to move laterally throughout the network. You will learn about different types of adversary-in-the-middle attacks and how to prevent them, as well as ways to protect against lateral movement and privilege escalation through Kerberos tickets. You will also learn about using Windows privacy settings to safeguard users' privacy from apps and services that run on Windows clients.

Chapter 11, Server Infrastructure Management, provides an overview of the data center and cloud models that are used today. We will then go into detail on each of the current models as they pertain to the cloud and review secure access management to Windows Server. We will also provide an overview of Windows Server management tools, as well as Azure services for managing Windows servers.

Chapter 12, Keeping Your Windows Server Secure, looks at the Windows Server OS and introduces server roles and the security-related features of Windows Server 2022. You will learn about the techniques used to keep your Windows Server secure by implementing Windows Server Update Services (WSUS), Azure Update Management, onboarding machines to Microsoft Defender for Endpoint, and enforcing a security baseline. You will also learn how to implement application control policies and PowerShell security.

Chapter 13, Security Monitoring and Reporting, talks about the different tools available to collect telemetry data, as well as insights and recommendations for securing your environment. This chapter will inform you about the ways in which to act on these recommendations. The technologies covered include Microsoft Defender for Endpoint, Azure Log Analytics, Azure Monitor, and Microsoft Defender for Cloud.

Chapter 14, Security Operations, talks about the security operations center (SOC) in an organization and discusses the various tools used to ingest and analyze data to detect, protect, and alert you to incidents. The technologies covered include Extended Detection and Response (XDR), the Microsoft 365 Defender Portal, Microsoft Defender for Cloud Apps, Defender for Cloud, Microsoft Sentinel, and Microsoft Defender Security Center. This chapter also talks about data protection with Microsoft 365 and the importance of ensuring that up-to-date business continuity and disaster recovery plans are in place.

Chapter 15, Testing and Auditing, discusses validating that controls are in place and enforced. You will learn about the importance of continual vulnerability scanning and the importance of penetration testing to ensure that the environment is assessed in terms of protecting against the latest threats.

Chapter 16, Top 10 Recommendations and the Future, provides recommendations and actions to take away after reading this book. It also provides some insight into the direction that device security and management are headed, as well as our thoughts on the importance of security in the future.

To get the most out of this book

We will primarily focus on the most current versions of Windows available today, including Windows Server 2022, Windows 11, and the resources available within Microsoft Azure. We understand that migrating to the latest Windows OS and shifting workloads from on-premises to the cloud is not an overnight task and may take years. In general, the concepts we provide throughout this book can be used with most configurations of Windows but could vary slightly depending on the build or version. Upgrading to the latest supported versions of Windows is critical to effectively harden your systems and should be a driving factor to push your migrations forward. It is strongly encouraged to upgrade as soon as possible, as Microsoft will no longer release security patches or offer support for deprecated versions.

To get the most out of this book, the following items will be needed to follow along with any provided examples. Thanks to cloud technology, you will be able to quickly enable an environment to build the infrastructure and foundation needed to support your journey throughout this book.

It is recommended that you set up an Office 365 subscription (add your own custom domain), which will in turn create an Azure Active Directory (AAD) tenant. Once the AAD tenant has been set up, this will allow you to add an Azure subscription to begin consuming Azure resources tied to your Office 365 subscription and your custom domains.

Office 365 E5 30-day free trial: https://go.microsoft.com/fwlink/p/?LinkID=698279&culture=en-US&country=US

Azure Account with $200 credit for 30 days: https://azure.microsoft.com/en-us/free/

Cloud subscriptions required:

  • An Azure subscription
  • Microsoft Enterprise E5 (M365 E5 includes Intune licensing, Microsoft Defender for Endpoint, and Windows Enterprise)
  • An Intune subscription and license
  • Windows 10 E3 or E5
  • Enterprise Mobility + Security E3 or E5 (includes Azure AD Premium P2)

Permissions:

  • Global administrator rights to your Office 365 subscription
  • Owner role or appropriate RBAC to your Azure subscription to deploy resources
  • Domain admin rights on your domain controller or equivalent rights to modify Group Policy

Azure resources:

  • Azure VMs (Windows 11 and Windows Server 2022 Core and Desktop versions from Marketplace)
  • A virtual network, subnet, network security group, and resource group
  • AAD
  • Defender for Cloud
  • Microsoft Sentinel
  • Azure Bastion
  • Microsoft Defender for Cloud Apps
  • Azure Log Analytics workspace
  • Azure Automation account
  • Azure Update Management
  • Azure Privileged Identity Management

Applications, tools, and services:

  • PowerShell (version 5.1 recommended) with the AAD module and the Azure PowerShell Az module
  • Text viewer to edit and open JSON files
  • Windows Assessment and Deployment Kit
  • Windows Deployment Services (Windows Server roles and features)
  • Microsoft Deployment Toolkit
  • Microsoft Endpoint Manager (Configuration Manager) hierarchy
  • Windows Server 2016 Active Directory and domain functional level
  • Microsoft Security Compliance Toolkit
  • Windows Server Update Services (WSUS)
  • Windows 10+ Pro/Enterprise, Windows Server 2016+ Core/Datacenter

All licensing and pricing are subject to change by Microsoft. Additionally, many of the products that are mentioned are covered under a license bundle, or are available à la carte if you only want to enable a small subset of features.

For information about licensing Microsoft 365, visit this link:

https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans

To compare the different products available in the Microsoft 365 plans, visit this link:

https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans

For AAD pricing and features, visit this link:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code. 

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://packt.link/jSZjR

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Open the registry editor, go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp registry subkey, and look for the DWORD port number."

A block of code is set as follows:

If (!($NBTNS.NetbiosOptions -eq "2")) { $NBTNSCompliance = "No" } Else { $NBTNSCompliance = "Yes" }

Code output or a command-line entry is set as follows:

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select Port as the rule type to create and click Next. Select TCP and enter 65001 in the box to specify Specific local ports and click Next."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, click Submit Errata, and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Mastering Windows Security and Hardening, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.
