Book Image

Windows 11 for Enterprise Administrators - Second Edition

By : Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver
Book Image

Windows 11 for Enterprise Administrators - Second Edition

By: Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver

Overview of this book

Windows 11 comes with a plethora of new security measures, customizability, and accessibility features that can help your organization run more smoothly. But, without a proper introduction to this new version of Windows, it’s easy to miss the most important improvements, along with configuration options that will make migrating to Windows 11 frictionless. Windows 11 for Enterprise Administrators helps you understand the installation process, configuration methods, deployment scenarios, and management strategies. You’ll delve into configuring Remote Server Administration Tools for remote Windows Server and Azure Active Directory management. This edition emphasizes PowerShell's role in automating administrative tasks, and its importance in Windows 11 and Windows Server management. It also provides comprehensive insights into Windows 11 updates, including Version 21H2 and 22H2, contrasting them with Windows 10, ensuring your knowledge stays current with the latest enhancements in the Windows ecosystem. By the end of this book, you'll be well-equipped with Windows 11's vital technologies and potentials, enabling you to adeptly oversee and implement these attributes within your company.
Table of Contents (13 chapters)
Chapter 9: Advanced Configurations

Ensuring that we operate system security

As a part of our defense-in-depth look at securing Windows 11 systems, this section looks at the security measures we can take to protect the OS. These include Secure Boot and Trusted Boot, the Windows Security app, encryption, security baselines, and Defender, which we will discuss in the following sections.

Introducing Secure Boot and Trusted Boot

Secure Boot and Trusted Boot work together to provide OS-level protection of a Windows device during startup, preventing the loading of malware and corrupted components.

The initial boot-up protection is carried out by Secure Boot. The firmware is verified that it is digitally signed, and then all code that runs before the OS is checked by Secure Boot.

The digital signature of the OS bootloader is then checked to ensure the Secure Boot policy will trust it and that there has been no tampering.

Trusted Boot then picks up the process. The digital signal of the Windows kernel is verified...