Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments


In this chapter, we covered what administration and remote management are and their importance for your Windows environment. We started with an overview of device administration and the different ways in which Windows devices can connect and register to your domain. We then learned how to enforce compliance and configured settings on your devices using MDM with Configuration Manager and Intune.

Next, we walked through building a Windows 10 security baseline using the Microsoft Security Compliance Toolkit. We discussed using the Policy Analyzer tool to compare settings and created a GPO from the recommended baseline and assigned it to an Active Directory OU. Then, we learned how to take existing GPOs and convert them into Configuration Manager Configuration Items to both remediate noncompliant settings or use monitor mode for reporting purposes. Finally, we reviewed remote management and provided details on how to deploy Azure Security Center JIT access and Azure Bastion...