Windows Security Essentials

$495.00
Availability:
Downloadable Resources, Instant Access
How you learn:
Self-paced • Lifetime updates
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
Your guarantee:
30-day money-back guarantee — no questions asked
Who trusts this:
Trusted by professionals in 160+ countries
When you get access:
Course access is prepared after purchase and delivered via email

This curriculum reflects the scope typically addressed across a full consulting engagement or multi-phase internal transformation initiative.

Foundations of Windows Security Architecture

  • Evaluate the role of the Local Security Authority (LSA), Security Accounts Manager (SAM), and NTLM vs. Kerberos in authentication pathways
  • Analyze the security implications of Windows boot processes, including Secure Boot, UEFI, and Trusted Platform Module (TPM) integration
  • Map Windows security subsystems to organizational threat models, identifying attack surfaces in kernel vs. user mode operations
  • Compare built-in Windows security boundaries (user, session, service) and their enforcement mechanisms
  • Assess risks associated with legacy components such as LLMNR, NetBIOS, and SMBv1 in modern enterprise environments
  • Design security baselines aligned with Microsoft’s Security Compliance Toolkit and CIS Benchmarks
  • Implement and audit Windows Defender Credential Guard to mitigate pass-the-hash and credential theft attacks

Identity and Access Management in Active Directory

  • Design least-privilege group membership strategies using AGDLP/AGUDLP models in multi-domain forests
  • Implement and audit Protected Users group policies to enforce modern authentication requirements
  • Configure fine-grained password policies for high-risk roles without compromising usability
  • Assess risks of excessive domain admin rights and design tiered administrative access models
  • Monitor and remediate Kerberos delegation misconfigurations that enable privilege escalation
  • Plan and execute secure trust relationships between domains and forests, including external and forest trusts
  • Implement Just-In-Time (JIT) administration using Microsoft Identity Manager or Azure AD Privileged Identity Management

Endpoint Protection and Defense-in-Depth

  • Configure and manage Windows Defender Antivirus policies via Group Policy or Intune with centralized reporting
  • Balance real-time protection performance impact against detection efficacy across endpoint workloads
  • Implement Controlled Folder Access to prevent ransomware encryption of critical data
  • Deploy and manage exploit protection rules (EMET successor) for legacy applications with known vulnerabilities
  • Integrate Windows Defender Application Control (WDAC) policies to enforce code integrity and block untrusted executables
  • Configure attack surface reduction (ASR) rules with appropriate exclusions to maintain business continuity
  • Design endpoint detection and response (EDR) onboarding strategies using Microsoft Defender for Endpoint

Network Security and Communication Hardening

  • Design and enforce host-based firewall rules using Windows Firewall with Advanced Security for server roles
  • Implement IPsec policies to encrypt and authenticate traffic between critical systems
  • Disable or restrict insecure protocols (e.g., SMBv1, NTLM, RPC endpoints) based on application dependencies
  • Configure secure DNS settings, including DNS over HTTPS (DoH) and DNSSEC validation
  • Segment network access using Windows Defender Firewall and Zero Trust principles for hybrid environments
  • Monitor and log suspicious network connections using Windows Event Forwarding and SIEM integration
  • Assess the impact of network isolation on legacy applications during security policy rollouts

Group Policy and Configuration Governance

  • Design Group Policy Object (GPO) inheritance and filtering strategies using WMI and security group filters
  • Implement change control and versioning for GPOs using the Group Policy Management Console (GPMC) and backup procedures
  • Enforce security settings via GPO while managing exceptions for specialized workloads or departments
  • Audit GPO application using Resultant Set of Policy (RSoP) and Group Policy Results in hybrid environments
  • Secure GPOs against tampering by restricting permissions on SYSVOL and GPO objects
  • Integrate Desired State Configuration (DSC) with GPO for declarative configuration management at scale
  • Monitor GPO processing failures and latency across distributed domain controllers

Privileged Access and Just-Enough-Administration

  • Design and deploy Just-Enough-Administration (JEA) endpoints to limit PowerShell command exposure
  • Implement role-capability-based PowerShell sessions with constrained language mode and logging
  • Configure and audit Local Administrator Password Solution (LAPS) for hybrid and on-premises environments
  • Integrate privileged access workstations (PAWs) into administrative workflows with hardware and policy controls
  • Enforce session isolation for privileged users to prevent credential leakage across systems
  • Monitor and alert on privileged account usage using Windows Event IDs 4670, 4674, and 4697
  • Evaluate trade-offs between administrative efficiency and security when delegating management tasks

Logging, Monitoring, and Incident Response

  • Configure advanced audit policies for object access, privilege use, and account management events
  • Centralize and normalize Windows event logs using Windows Event Forwarding (WEF) or third-party SIEM
  • Develop detection rules for common attack patterns (e.g., pass-the-ticket, DCShadow, golden tickets)
  • Preserve forensic integrity of event logs by securing log retention and preventing tampering
  • Correlate Windows security events with endpoint telemetry to identify lateral movement
  • Conduct live response investigations using built-in tools (e.g., Task Manager, netstat, PowerShell)
  • Design incident response playbooks specific to Windows-based malware and ransomware outbreaks

Hybrid Identity and Cloud Integration Security

  • Configure and audit Azure AD Connect synchronization with password hash sync, pass-through authentication, or federation
  • Implement seamless SSO while mitigating risks of on-premises compromise affecting cloud access
  • Enforce conditional access policies for hybrid users based on device compliance and sign-in risk
  • Manage hybrid Azure AD join and device identity lifecycle across on-premises and cloud
  • Secure service accounts used in hybrid synchronization and application integrations
  • Monitor and respond to anomalous sign-in activities using Azure AD Identity Protection
  • Plan for identity resilience by designing failover and recovery procedures for identity systems

Security Automation and Operational Resilience

  • Develop PowerShell scripts to automate security configuration checks and remediation tasks
  • Implement secure scripting practices, including module signing, execution policy enforcement, and script block logging
  • Integrate Windows security controls with IT service management (ITSM) tools for ticketing and change tracking
  • Design patch management workflows balancing security urgency with system availability
  • Conduct periodic security posture assessments using Microsoft Secure Score and Attack Surface Analyzer
  • Simulate attack scenarios using red team tools to validate defensive configurations
  • Establish metrics for security effectiveness, including mean time to detect (MTTD) and mean time to respond (MTTR)