Employees of federal, state and local governments; and businesses working with the government. This four-day course is intended for Windows Server Hybrid Administrators who have experience working with Windows Server and want to extend the capabilities of their on-premises environments by combining on-premises and hybrid technologies. Windows Server Hybrid Administrators who already implement and manage on-premises core technologies want to secure and protect their environments, migrate virtual and physical workloads to Azure Iaas, enable a highly available, fully redundant environment, and perform monitoring and troubleshooting.
Before attending this course, students must have:
- Experience with managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services
- Experience with common Windows Server management tools (implied in the first prerequisite).
- Basic knowledge of core Microsoft compute, storage, networking, and virtualization technologies (implied in the first prerequisite).
- Experience and an understanding of core networking technologies such as IP addressing, name resolution, and Dynamic Host Configuration Protocol (DHCP)
- Experience working with and an understanding of Microsoft Hyper-V and basic server virtualization concepts
- An awareness of basic security best practices
- Basic understanding of security-related technologies (firewalls, encryption, multi-factor authentication, SIEM/SOAR).
- Basic knowledge of on-premises resiliency Windows Server-based compute and storage technologies (Failover Clustering, Storage Spaces).
- Basic experience with implementing and managing IaaS services in Microsoft Azure
- Basic knowledge of Azure Active Directory
- Experience working hands-on with Windows client operating systems such as Windows 10 or Windows 11
- Basic experience with Windows PowerShell
An understanding of the following concepts as related to Windows Server technologies:
- High availability and disaster recovery
What You’ll Learn:
Students will learn to,
- Secure Windows Server user accounts
- Hardening Windows Server
- Windows Server update management
- Secure Windows Server DNS
- Implement Windows Server IaaS VM network security
- Audit the security of Windows Server IaaS Virtual Machines
- Manage Azure updates
- Create and implement application allowlists with adaptive application control
- Configure BitLocker disk encryption for Windows IaaS Virtual Machines
- Implement change tracking and file integrity monitoring for Windows IaaS VMs
- Introduction to Cluster Shared Volumes
- Implement Windows Server failover clustering
- Implement high availability of Windows Server VMs
- Implement Windows Server File Server high availability
- Implement scale and high availability with Windows Server VM
- Implement Hyper-V Replica
- Protect your on-premises infrastructure from disasters with Azure Site Recovery
- Implement hybrid backup and recovery with Windows Server IaaS
- Protect your Azure infrastructure with Azure Site Recovery
- Protect your virtual machines by using Azure Backup
- Active Directory Domain Services migration
- Migrate file server workloads using Storage Migration Service
- Migrate Windows Server roles
- Migrate on-premises Windows Server instances to Azure IaaS virtual machines
- Upgrade and migrate Windows Server IaaS virtual machines
- Containerize and migrate ASP.NET applications to Azure App Service
- Monitor Windows Server performance
- Manage and monitor Windows Server event logs
- Implement Windows Server auditing and diagnostics
- Troubleshoot Active Directory
- Monitor Windows Server IaaS Virtual Machines and hybrid instances
- Monitor the health of your Azure virtual machine by using Azure Metrics Explorer and metric alerts
- Monitor performance of virtual machines by using Azure Monitor VM Insights
- Troubleshoot on-premises and hybrid networking
- Troubleshoot Windows Server Virtual Machines in Azure
Module 1 : Secure Windows Server user accounts
- Configure and manage user accounts to limit security threats across an organization
- Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
- Describe and configure Windows Defender Credential Guard.
- Configure Group Policy to block the use of NTLM for authentication
Module 2 : Hardening Windows Server
- Manage local administrator passwords using Local Administrator Password Solution
- Limit administrative access to Privileged Access Workstations (PAWs)
- Explain how to secure domain controllers from being compromised
- Describe how to use the Microsoft Security Compliance Toolkit to harden servers
- Secure SMB traffic using SMB encryption
Module 3 : Windows Server update management
- Describe the role of Windows Server Update Services (WSUS)
- Describe the WSUS update management process
- Deploy updates with WSUS
Module 4 : Secure Windows Server DNS
- Describe split-horizon DNS and explain how to implement it.
- Create DNS policies.
- Implement DNS policies.
- Describe the options for protecting the DNS server role.
- Implement DNS security.
Module 5 : Implement Windows Server IaaS VM network security
- Implement Network Security Groups (NSGs) with Windows Server IaaS VMs.
- Implement adaptive network hardening.
- Implement Azure Firewall.
- Implement Windows Defender Firewall in Windows Server IaaS VMs.
- Choose an appropriate filtering solution.
- Capture network traffic with Network Watcher.
Module 6 : Audit the security of Windows Server IaaS Virtual Machines
- Describe Azure Security Center.
- Enable Azure Security Center in hybrid environments.
- Onboard Windows Server computers to Azure Security Center.
- Implement and assess security policies.
- Describe Azure Sentinel.
- Implement SIEM and SOAR.
- Protect your resources with Azure Security Center.
Module 7 : Manage Azure updates
- Describe Azure updates.
- Enable Update Management.
- Deploy updates.
- Review an update assessment.
- Manage updates for your Azure VMs.
Module 8 : Create and implement application allow lists with adaptive application control
- Enable Adaptive application controls.
- Implement adaptive application control policies.
Module 9 : Configure BitLocker disk encryption for Windows IaaS Virtual Machines
- Describe Azure Disk Encryption.
- Configure Key Vault to support Azure Disk Encryption.
- Explain how to encrypt Azure IaaS VM hard disks.
- Back up and recover encrypted data from IaaS VM hard disks.
Module 10 : Implement change tracking and file integrity monitoring for Windows IaaS VMs
- Implement Change Tracking and Inventory
- Manage Change Tracking and Inventory
- Manage tracked files
- Implement File Integrity Monitoring
- Select and monitor entities
- Use File Integrity Monitoring
Module 11 : Introduction to Cluster Shared Volumes
- Describe the functionality of CSV.
- Describe the architecture and components of CSV.
- Implement CSV.
Module 12 : Implement Windows Server failover clustering
- Describe Windows Server failover clustering.
- Implement Windows Server failover clustering.
- Manage Windows Server failover clustering.
- Implement stretch clusters.
- Describe cluster sets.
Module 13 : Implement high availability of Windows Server VMs
- Describe the Hyper-V high availability options.
- Describe Hyper-V VMs load balancing.
- Implement Hyper-V VMs live migration.
- Implement Hyper-V VMs storage migration.
Module 14 : Implement Windows Server File Server high availability
- Provide a high-level overview of Windows Server File Server high-availability options.
- Describe the characteristics of, and high-level implementation steps for Cluster Shared Volumes (CSV).
- Describe the characteristics of, and high-level implementation steps for Scale-Out File Server (SOFS).
- Describe the characteristics of, and high-level implementation steps for Storage Replica.
Module 15 : Implement scale and high availability with Windows Server VM
- Describe virtual machine scale sets.
- Implement scaling.
- Implement load-balancing virtual machines.
- Implement Azure Site Recovery.
Module 16 : Implement Hyper-V Replica
- Describe Hyper-V Replica, pre-requisites for its use, and its high-level architecture and components.
- Describe Hyper-V Replica usage scenarios, available replication settings, and security considerations.
- Configure Hyper-V Replica settings, health monitoring, and failover options.
- Implement Hyper-V Replica.
- Describe extended replication.
- Describe Site Recovery.
- Implement Site Recovery.
Module 17 : Protect your on-premises infrastructure from disasters with Azure Site Recovery
- Identify the features and protection capabilities Azure Site Recovery provides to on-premises infrastructure
- Identify the requirements for enabling protection of on-premises infrastructure
Module 18 : Implement hybrid backup and recovery with Windows Server IaaS
- Describe Azure Backup.
- Implement Recovery Vaults.
- Implement Azure Backup policies.
- Recover Windows IaaS VMs.
- Perform file and folder recovery.
- Perform backup and recovery of on-premises workloads.
- Explain how to manage Azure VM backups with Azure Backup.
Module 19 : Protect your Azure infrastructure with Azure Site Recovery
- Protect Azure virtual machines with Azure Site Recovery
- Run a disaster recovery drill to validate protection
- Failover and failback your virtual machines
Module 20 : Protect your virtual machines by using Azure Backup
- Identify the scenarios for which Azure Backup provides backup and restore capabilities
- Back up and restore an Azure virtual machine
Module 21 : Active Directory Domain Services migration
- Compare upgrading an AD DS forest and migrating to a new AD DS forest
- Describe how to upgrade an existing AD DS forest
- Describe how to migrate to a new AD DS forest
- Describe Active Directory Migration Tool (ADMT)
Module 22 : Migrate file server workloads using Storage Migration Service
- Describe Storage Migration Service and its usage scenarios
- Identify the requirements for using Storage Migration Service
- Describe how to migrate a server with storage migration
- List the considerations for using Storage Migration Service
Module 23 : Migrate Windows Server roles
- Describe the Windows Server Migration Tools
- Use the migration tools to migrate specific Windows Server roles
Module 24 : Migrate on-premises Windows Server instances to Azure IaaS virtual machines
- Plan your migration.
- Describe Azure Migrate.
- Migrate server workloads using Windows Server Migration Tools.
- Assess physical servers with Azure Migrate.
- Migrate on-premises servers to Azure.
Module 25 : Upgrade and migrate Windows Server IaaS virtual machines
- Describe Windows Server IaaS migration.
- Explain how to migrate workloads using Windows Server Migration tools.
- Describe storage migration.
- Migrate file servers by using the Storage Migration Service.
Module 26 : Containerize and migrate ASP.NET applications to Azure App Service
- Discover and containerize your ASP.NET app running on Windows machines using Azure Migrate: App Containerization.
- Build a container image for your ASP.NET application.
- Deploy your containerized application to Azure App Service using Azure Migrate: App Containerization.
Module 27 : Monitor Windows Server performance
- Use built-in tools in Windows Server to monitor server performance
- Understand the fundamentals of server performance tuning
Module 28 : Manage and monitor Windows Server event logs
- Describe event logs
- Use Server Manager and Windows Admin Center to – Review event logs
- Implement custom views
- Configure an event subscription
Module 29 : Implement Windows Server auditing and diagnostics
- Audit Windows Server events
- Configure Windows Server to record diagnostic information
Module 30 : Troubleshoot Active Directory
- Recover the AD DS database, objects in AD DS, and SYSVOL
- Troubleshoot AD DS replication
- Troubleshoot Hybrid authentication issues
Module 31 : Monitor Windows Server IaaS Virtual Machines and hybrid instances
- Enable Azure Monitor for VMs.
- Monitor an Azure VM with Azure Monitor.
- Enable Azure Monitor in hybrid scenarios.
- Collect data from a Windows computer in a hybrid environment.
- Integrate Azure Monitor with Microsoft Operations Manager.
Module 32 : Monitor the health of your Azure virtual machine by using Azure Metrics Explorer and metric alerts
- Identify metrics and diagnostic data that you can collect for virtual machines
- Configure monitoring for a virtual machine
- Use monitoring data to diagnose problems
Module 33 : Monitor performance of virtual machines by using Azure Monitor VM Insights
- Evaluate Azure Monitor Logs and Azure Monitor VM Insights.
- Configure a Log Analytics workspace.
- Build queries from the Heartbeat and Insights Metrics tables.
Module 34 : Troubleshoot on-premises and hybrid networking
- Diagnose DHCP and DNS problems in on-premises contexts
- Diagnose IP configuration and routing problems
- Implement Packet Monitor to help diagnose network problems
- Use Azure Network Watcher to troubleshoot Microsoft Azure virtual networks
Module 35 : Troubleshoot Windows Server Virtual Machines in Azure
- Troubleshoot VM deployment and extension issues
- Troubleshoot VM startup and performance issues
- Troubleshoot VM storage and encryption issues
- Troubleshoot connectivity to VMs