Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

To get the most out of this book

In order to get the most out of this book, the following items will be needed to follow along with the examples provided. Thanks to cloud technology, you will be able to quickly enable an environment to build the infrastructure and foundation needed to support your journey throughout this book.

It is recommended that you set up an Office 365 subscription (add your own custom domain), which will in turn create an Azure Active Directory (AAD) tenant. Once the AAD tenant has been set up, this will allow you to add an Azure subscription to begin consuming Azure resources tied to your Office 365 subscription and your custom domains.

Office 365 E5 30-day free trial:

Azure account with $200 credit for 30 days:

Cloud subscriptions required

  • An Azure subscription
  • Microsoft Enterprise E5
  • An Intune subscription and license
  • Microsoft Defender ATP licensing (Windows 10 E5 or M365 E5)
  • Enterprise Mobility + Security E3 or E5 (includes AAD Premium P2)


  • Global administrator rights to your Office 365 subscription
  • Owner role or appropriate RBAC to your Azure subscription to deploy resources
  • Domain admin rights on your domain controller or equivalent rights to modify Group Policy

Azure resources

  • Azure VMs (Windows 10 and Windows Server 2019 Core and Desktop versions from Marketplace)
  • A virtual network, subnet, network security group, and resource group
  • AAD
  • Azure Security Center Standard
  • Azure Sentinel
  • Azure Bastion
  • Microsoft Cloud App Security
  • A Log Analytics workspace
  • An Azure Automation account
  • Azure Update Management
  • Azure Privileged Identity Management

Applications, tools, and services

  • PowerShell (version 5.1 recommended) with the AAD module and the Azure PowerShell Az module
  • Text viewer to edit and open JSON files
  • Windows Assessment and Deployment Kit
  • Windows Deployment Services (Windows Server roles and features)
  • Microsoft Deployment Toolkit
  • System Center (Configuration Manager) hierarchy
  • Windows 2016 Active Directory and domain functional level
  • Microsoft Security Compliance Toolkit
  • WSUS
  • Windows 10 Pro/Enterprise, Windows Server 2016+ Core/Datacenter

All licensing and pricing is subject to change by Microsoft. Additionally, many of the products that are mentioned are covered under a license bundle, or available à la carte if you only want to enable a small subset of features.

For information about licensing Microsoft 365, visit this link:

To compare the different products available in the Microsoft 365 plans, visit this link:

For AAD pricing and features, visit this link:

If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code.