Preface – Mastering Windows Security and Hardening


Throughout this book, you will be provided with the knowledge needed to protect your Windows environment and the users who access it. It will cover a variety of topics that go beyond the hardening of just the operating system, including the management of devices, baselining, hardware, virtualization, networking, identity management, security operations, monitoring, auditing, and testing. The goal is to ensure that you understand the foundation of, and the multiple layers involved in, providing improved protection for your Windows systems.

Since this is a book about security, it's important to understand the core principles that form an information security model and foundation. These principles are known as the CIA triad, which represents confidentiality, integrity, and availability. If you have pursued a security certification, such as the CISSP or Security+, you will be very familiar with this model. If not, it is recommended that you familiarize yourself with it as a security professional. This book will not go into detail about the CIA triad, but, as with any security work, the concepts provided in this book will help you to ensure the confidentiality, integrity, and availability of information on the Windows systems you manage. At a high level, CIA represents the following:

  • Confidentiality involves ensuring that no one other than those who are authorized can access information.
  • Integrity involves ensuring that the information being protected is original and has not been modified without the correct authorization.
  • Availability involves ensuring that information is always available when access is needed.

The book is split into three sections to help guide you and provide the understanding and knowledge needed to implement a solid Windows security foundation within your organization. The first section covers the fundamentals, including an overview of the management tools for the Windows server and client environment, and a review of the management models used to manage Windows systems and the importance of each of them. This section will also cover the concept of baselining and the importance of following a standard with defined procedures and processes that have leadership support and sign-off.

In the second section, we will dive into the technical aspects of what is needed to apply security and hardening to your Windows environment. This section will not only provide the technical details of how to harden both the Windows server and client OS, but will also review all the different management scenarios and the importance of administration and remote management from a security standpoint, since ensuring secure administration and remote management of your Windows systems is vital. We will review the networking components as they relate to the hardening of Windows and then provide information about identity and access management and how critical the protection of identity has become in the digital world today.

The final section provides more of an operational focus on how to best protect and monitor your Windows environment. It is critical for your security program to not only implement the recommended security controls but also validate that those controls are in place. To do this effectively, we need to perform auditing and testing against the configurations implemented to harden Windows environments. In addition, it's just as important to monitor environments and provide reporting. We will look at an in-depth overview of the security operations program and discuss the tools that can be used for efficient incident management.

We will primarily focus on the most current versions of Windows available today, including Windows Server 2019, Windows 10, and the resources available within Microsoft Azure. We understand that migrating to the latest Windows OS and shifting workloads from on-premises to the cloud is not an overnight task and may take years. In general, the concepts we provide throughout this book can be used within most configurations of Windows but could vary slightly depending on the build or version. Upgrading to the latest version of Windows is critical to the overall hardening of your systems and should be a driving factor to push your migrations forward. It is strongly recommended to upgrade as soon as possible, as Microsoft will no longer release security patches or offer support for deprecated versions.

Who this book is for

This book is intended to educate the technical and security community, which includes the following roles:

  • Microsoft security, cloud, and technical roles such as engineers, analysts, architects, and administrators
  • Anyone involved with the management of a Windows environment
  • All technical and security-related roles
  • Technical/security managers and directors

What this book covers

Chapter 1, Fundamentals of Windows Security, provides an introduction to the security world within IT and enterprises. We will cover how security is transforming the way we manage technology and discuss threats and breaches that are relevant today. We will look at current challenges and discuss a concept known as zero trust.

Chapter 2, Building a Baseline, provides an overview of baselining and the importance of building a standard to be approved by leadership and adopted by everyone. We will cover what frameworks are and provide an overview of the more common frameworks for security and hardening an environment. We will then look at best practices within enterprises and cover the importance of change management to ensure that anything that falls outside the scope of policy receives the correct approvals.

Chapter 3, Server Infrastructure Management, provides an overview of the data center and cloud models that are used today. We will then go into detail on each of the current models as they pertain to the cloud and review secure access management to Windows Server. We will also provide an overview of Windows Server management tools, as well as Azure services for managing Windows servers.

Chapter 4, End User Device Management, provides an overview of the end user computing landscape. We will discuss the evolution of device management and review some major models that have emerged over the years. You will learn the importance of a centralized management solution as it pertains to security and how device management solutions are critical for a robust and compliant model. The management solutions covered include device imaging, Windows Autopilot, Microsoft Endpoint Configuration Manager (formerly SCCM), Intune Mobile Device Management (MDM), and Microsoft Endpoint Manager Admin Center.

Chapter 5, Hardware and Virtualization, provides an overview of physical servers and virtualization. The chapter will cover hardware certification, enhancements in hardware security, and Virtualization-Based Security (VBS) concepts to secure and harden devices, including BIOS, UEFI, TPM 2.0, Secure Boot, and advanced protection with VBS.

Chapter 6, Network Fundamentals for Hardening Windows, provides an overview of networking components and how they play a big role in hardening and securing your Windows environment. You will learn about Windows Defender Firewall and Advanced Security, Windows Defender Exploit Guard Network Protection, and how to configure them on your Windows devices. Additionally, you will be provided with the knowledge needed to understand the latest technology from Microsoft as it relates to network security for your Windows VMs in Azure.

Chapter 7, Identity and Access Management, provides a comprehensive overview of identity management and the importance it plays in securing and hardening your Windows systems. Identity has become the foundation of securing users – this chapter will cover everything you need to do within the identity and access management area. We will provide more details on account and access management, authentication, MFA, passwordless authentication, conditional access, and identity protection.

Chapter 8, Administration and Remote Management, provides details on different methods for administration and remote management as they relate to the Windows infrastructure. You will be provided with the knowledge needed to ensure that best practices are applied and will learn how to apply those best practices. The topics covered include enforcing policies with Configuration Manager and Intune, building security baselines, connecting securely to servers remotely, and an overview of PowerShell security.

Chapter 9, Keeping Your Windows Client Secure, covers Windows clients and the different solutions used to keep them secure and updated. You will also learn hardening techniques to mitigate exploits commonly used by attackers. The chapter also covers onboarding machines to Microsoft Defender ATP and Windows Update for Business, and provides details on advanced Windows hardening configurations for Windows 10 privacy.

Chapter 10, Keeping Your Windows Server Secure, looks at the Windows Server OS and introduces server roles and the security-related features of Windows Server 2019. You will learn about techniques used to keep your Windows server secure by implementing Windows Server Update Services (WSUS) and Azure Update Management, onboarding machines to Microsoft Defender ATP, and enforcing a security baseline. You will also learn how to deploy a Windows Defender application control policy.

Chapter 11, Security Monitoring and Reporting, talks about the different tools available that provide telemetry as well as insights and recommendations to help secure your environment. This chapter will inform you about the ways to act on recommendations to help secure your environment. Technologies covered include Microsoft Defender ATP, Log Analytics, Azure Monitor, and Azure Security Center.

Chapter 12, Security Operations, talks about the Security Operations Center (SOC) in an organization and discusses various tools used to ingest and analyze data to detect, protect, and alert you to incidents.

Chapter 13, Testing and Auditing, goes through validating that controls are in place and enforced. You will also learn about the importance of continual vulnerability scanning and testing in addition to the importance of penetration testing to ensure that the environment is assessed in terms of its ability to protect against the latest threats.

Chapter 14, Top 10 Recommendations and the Future, provides recommendations and actions to take away after reading this book. It also provides some insight into where the future of device security and management is headed, along with our thoughts on the importance of security in the future.

To get the most out of this book

In order to get the most out of this book, the following items will be needed to follow along with the examples provided. Thanks to cloud technology, you will be able to quickly enable an environment to build the infrastructure and foundation needed to support your journey throughout this book.

It is recommended that you set up an Office 365 subscription (add your own custom domain), which will in turn create an Azure Active Directory (AAD) tenant. Once the AAD tenant has been set up, this will allow you to add an Azure subscription to begin consuming Azure resources tied to your Office 365 subscription and your custom domains.

Office 365 E5 30-day free trial:

Azure account with $200 credit for 30 days:

Cloud subscriptions required

  • An Azure subscription
  • Microsoft Enterprise E5
  • An Intune subscription and license
  • Microsoft Defender ATP licensing (Windows 10 E5 or M365 E5)
  • Enterprise Mobility + Security E3 or E5 (includes AAD Premium P2)


  • Global administrator rights to your Office 365 subscription
  • Owner role or appropriate RBAC to your Azure subscription to deploy resources
  • Domain admin rights on your domain controller or equivalent rights to modify Group Policy

Azure resources

  • Azure VMs (Windows 10 and Windows Server 2019 Core and Desktop versions from Marketplace)
  • A virtual network, subnet, network security group, and resource group
  • AAD
  • Azure Security Center Standard
  • Azure Sentinel
  • Azure Bastion
  • Microsoft Cloud App Security
  • A Log Analytics workspace
  • An Azure Automation account
  • Azure Update Management
  • Azure Privileged Identity Management

Applications, tools, and services

  • PowerShell (version 5.1 recommended) with the AAD module and the Azure PowerShell Az module
  • Text viewer to edit and open JSON files
  • Windows Assessment and Deployment Kit
  • Windows Deployment Services (Windows Server roles and features)
  • Microsoft Deployment Toolkit
  • System Center (Configuration Manager) hierarchy
  • Windows 2016 Active Directory and domain functional level
  • Microsoft Security Compliance Toolkit
  • WSUS
  • Windows 10 Pro/Enterprise, Windows Server 2016+ Core/Datacenter

All licensing and pricing are subject to change by Microsoft. Additionally, many of the products that are mentioned are covered under a license bundle, or are available à la carte if you only want to enable a small subset of features.

For information about licensing Microsoft 365, visit this link:

To compare the different products available in the Microsoft 365 plans, visit this link:

For AAD pricing and features, visit this link:

If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code.

Code in Action

Code in Action videos for this book can be viewed at

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here:

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

html, body, #map {
  height: 100%;
  margin: 0;
  padding: 0
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

exten => s,1,Dial(Zap/1|30)
exten => s,2,Voicemail(u100)
exten => s,102,Voicemail(b100)
exten => i,1,Voicemail(s0)

Any command-line input or output is written as follows:

$ mkdir css
$ cd css

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit