Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Investigating threats with Azure Security Center

In Chapter 11, Security Monitoring and Reporting, we enabled and configured the standard version of Azure Security Center to gain the benefits of all the available premium features. ATP is part of the standard feature for your Azure environment, including your Windows machines. To view and investigate any threats that have been triggered by Azure Security Center, do the following:

  1. Log in to
  2. Search for Security Center and open it.
  3. Click on Security Alerts within the Threat Protection section.
  4. Here, you will see all the generated alerts from your environment:

Figure 12.21 – Azure Security Center alerts

To further investigate an alert, simply click on the alert and you are provided with additional details. In addition, you will be provided with any available remediation steps by scrolling further down the details page. The following is an example of the details...