Secure Windows Server on-premises and hybrid infrastructures

Solution Architect
Technology Manager
Microsoft Entra ID
Windows Server

Learn to secure your on-premises Windows Server resources and your Azure IaaS workloads. Determine if those resources have any security vulnerabilities, and remediate those potential security vulnerabilities.


  • Experience with managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services.
  • Basic experience with implementing and managing IaaS services in Microsoft Azure.
  • Basic knowledge of Azure Active Directory.
  • Basic understanding security-related technologies (firewalls, encryption, multi-factor authentication, SIEM/SOAR).
  • Basic knowledge of PowerShell scripting.

Modules in this learning path

In this module, you will focus on how to improve the network security for Windows Server infrastructure as a service (IaaS) virtual machines (VMs) and how to diagnose network security issues with those VMs.

You'll learn about Azure Security Center and how to onboard Windows Server computers to Security Center. You'll also learn about Azure Sentinel, security information and event management (SIEM), and security orchestration, automation and response (SOAR).

You'll be able to enable Azure Update Management, deploy updates, review an update assessment, and manage updates for your Azure VMs.

You're able to implement Adaptive application controls within your organization to protect your Windows Server IaaS VMs.

You'll be able to configure Azure Disk Encryption for Windows IaaS VMs and back up and recover encrypted data.

In this module, you’ll learn how to monitor Windows Server Azure IaaS VMs for changes in files and the registry, as well as other monitor modifications made to application software.

Learn how to secure Windows Server DNS to help protect your network name resolution infrastructure and also learn how to implement DNS policies.

Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.

Learn how to harden the security configuration of your Windows Server operating system environment. Secure administrative access to Privileged Access Workstations (PAWs), apply security baselines, and secure domain controllers and SMB traffic.

Learn how to use Windows Server Update Services to deploy operating system updates to computers on your network. Select the appropriate deployment option and combine WSUS with Microsoft Azure Update Management to manage server updates.