MCSA: Windows Server 2016/2019

 certification qualifies you for a position as a network or computer systems administrator or as a computer network specialist, and it is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

• • Microsoft Course 20740 (Exam 70-740)
  • Microsoft Course 20741 (Exam 70-741)
  • Microsoft Course 20742 (Exam 70-742)

OR take the 70-743 Exam to Upgrade from an existing MCSA: Windows Server 2008 or MCSA: Windows Server 2012.

Earning an MCSE: Core Infrastructure certification validates that you have the skills needed to run a highly efficient and modern data center, identity management, systems management, virtualization, storage, and networking.

• • Microsoft Course 20744 (Exam 70-744)

 

Microsoft Course 20740

Exam 70-740: This course is designed primarily for IT professionals who have some experience with Windows Server. It is designed for professionals who will be responsible for managing storage and compute by using Windows Server 2016, and who need to understand the scenarios, requirements, and storage and compute options that are available and applicable to Windows Server 2016.

Audience profile

This course is intended for IT professionals who have some experiencing working with Windows Server, and who are looking for a single course that covers storage and compute technologies in Windows Server 2016. This course will help them update their knowledge and skills related to storage and compute for Windows Server 2016.

Candidates suitable for this course would be:

• • Windows Server administrators who are relatively new to Windows Server administration and related technologies, and who want to learn more about the storage and compute features in Windows Server 2016.
  • IT professionals with general IT knowledge, who are looking to gain knowledge about Windows Server, especially around storage and compute technologies in Windows Server 2016.

The secondary audience for this course are IT professionals looking to take the Microsoft 70-740 certification exam, Installation, Storage and Compute with Windows Server 2016.

At course completion

After completing this course, students will be able to:

• • Prepare and install Nano Server, a Server Core installation, and plan a server upgrade and migration strategy.
  • Describe the various storage options, including partition table formats, basic and dynamic disks, file systems, virtual hard disks, and drive hardware, and explain how to manage disks and volumes.
  • Describe enterprise storage solutions, and select the appropriate solution for a given situation.
  • Implement and manage Storage Spaces and Data Deduplication.
  • Install and configure Microsoft Hyper-V.
  • Deploy, configure, and manage Windows and Hyper-V containers.
  • Describe the high availability and disaster recovery technologies in Windows Server 2016.
  • Plan, create, and manage a failover cluster.
  • Implement failover clustering for Hyper-V virtual machines.
  • Configure a Network Load Balancing (NLB) cluster, and plan for an NLB implementation.
  • Create and manage deployment images.
  • Manage, monitor, and maintain virtual machine installations.

Prerequisites

Before attending this course, students must have:

• • A basic understanding of networking fundamentals.
  • An awareness and understanding of security best practices.
  • An understanding of basic AD DS concepts.
  • Basic knowledge of server hardware.
  • Experience supporting and configuring Windows client operating systems such as Windows 8 or Windows 10.

Additionally, students would benefit from having some previous Windows Server operating system experience, such as experience as a Windows Server systems administrator.

Course Outline

Module 1: Installing, upgrading, and migrating servers and workloads

This module explains how to prepare and install Nano Server and Server Core. This module also explains how to upgrade and migrate server roles and workloads. Finally, this module explains how to choose an activation model based on your environment characteristics.

• • Introducing Windows Server 2016
  • Preparing and installing Nano Server and Server Core
  • Preparing for upgrades and migrations
  • Migrating server roles and workloads
  • Windows Server activation models

After completing this module, students will be able to:

• • Choose the appropriate version of the Windows Server operating system, and describe the installation options and new features of Windows Server 2016.
  • Prepare and install Nano Server and Server Core.
  • Consider whether an upgrade or migration is the best approach, and use tools to help determine upgrade or migration suitability.
  • Migrate server roles and workloads within a domain and across domains or forests.
  • Choose an activation model based on your environment characteristics.

Module 2: Configuring local storage

This module explains how to manage disks and volumes in Windows Server 2016.

• • Managing disks in Windows Server 2016
  • Managing volumes in Windows Server 2016

After completing this module, students will be able to:

• • Manage disks in Windows Server 2016.
  • Manage volumes in Windows Server 2016.

Module 3: Implementing enterprise storage solutions

This module describes the direct-attached storage (DAS), network-attached storage (NAS), and storage area networks (SANs). It also helps you understand Microsoft Internet Storage Name Service (iSNS) Server, data center bridging, and Multipath I/O (MPIO). Additionally, this module also compares Fibre Channel, Internet Small Computer System Interface (iSCSI), and Fibre Channel Over Ethernet (FCoE), and describes how to configure sharing in Windows Server 2016.

• • Overview of direct-attached storage, network-attached storage, and storage area networks
  • Comparing Fibre Channel, iSCSI, and FCoE
  • Understanding iSNS, data centre bridging, and MPIO
  • Configuring sharing in Windows Server 2016

After completing this module, students will be able to:

• • Describe DAS, NAS, and SANs, and the usage scenarios for each topology.
  • Compare Fibre Channel, FCoE, an iSCSI target and initiator.Describe iSNS, MPIO, data center bridging, and Windows Storage Server 2016 (two versions-Workgroup and Standard).
  • Configure server message block (SMB) and network file system (NFS) shares by using Server Manager and Windows PowerShell.

Module 4: Implementing Storage Spaces and Data Deduplication

This module explains how to implement and manage Storage Spaces. This module also explains how to implement Data Deduplication.

• • Implementing Storage Spaces
  • Managing Storage Spaces
  • Implementing Data Deduplication

After completing this module, students will be able to:

• • Implement Storage Spaces as an enterprise storage solution.
  • Manage Storage Spaces by using Server Manager and Windows PowerShell.
  • Implement Data Deduplication.

Module 5: Installing and configuring Hyper-V and virtual machines

This module provides an overview of Hyper-V. This module also explains how to configure, manage, and install Hyper-V.

• • Overview of Hyper-V
  • Installing Hyper-V
  • Configuring storage on Hyper-V host servers
  • Configuring networking on Hyper-V host servers
  • Configuring Hyper-V virtual machines
  • Managing Hyper-V virtual machines

After completing this module, students will be able to:

• • Describe Hyper-V and virtualization.
  • Prepare to install the Hyper-V role.
  • Configure storage on Hyper-V host servers.
  • Configure networking on Hyper-V host servers.
  • Configure Hyper-V virtual machines.
  • Move virtual machines from one host to another host, using PowerShell Direct to manage a virtual machine, and manage miscellaneous virtual machine settings.

Module 6: Deploying and managing Windows Server and Hyper-V containers

This module provides and overview of containers in Windows Server 2016. It also explains how to deploy, install, configure, and manage containers in Windows Server 2016.

• • Overview of containers in Windows Server 2016
  • Deploying Windows Server and Hyper-V containers
  • Installing, configuring, and managing containers

After completing this module, students will be able to:

• • Explain the purpose of Windows Server and Hyper-V containers.
  • Deploy and manage Windows Server and Hyper-V containers.
  • Install, configure, and manage containers.

Module 7: Overview of high availability and disaster recovery

This module provides an overview of high availability, business continuity, and disaster recovery. It further explains how to plan high availability and disaster recovery solutions. Additionally, in this module you will know how to back up and restore the Windows Server 2016 operating system and data by using Windows Server Backup. Finally, you will learn about Windows Server 2016 high availability with failover clustering.

• • Defining levels of availability
  • Planning high availability and disaster recovery solutions with Hyper-V virtual machines
  • Backing up and restoring the Windows Server 2016 operating system and data by using Windows Server B
  • High availability with failover clustering in Windows Server 2016

After completing this module, students will be able to:

• • Describe high availability, business continuity, and disaster recovery.
  • Plan for high availability and disaster recovery solutions with Hyper-V virtual machines.
  • Back up and restore Hyper-V hosts, virtual machines, Active Directory Domain Services (AD DS), and file and web servers by using Windows Server Backup.
  • Describe Windows Server 2016 high availability with failover clustering.

Module 8: Implementing and managing failover clustering

This module explains how to plan, create, configure, maintain, and troubleshoot a failover cluster. This module also explains how to implement site high availability with stretch clustering.

• • Planning a failover cluster
  • Creating and configuring a new failover cluster
  • Maintaining a failover cluster
  • Troubleshooting a failover cluster
  • Implementing site high availability with stretch clustering

After completing this module, students will be able to:

• • Describe the requirements and infrastructure considerations for a failover cluster.
  • Create and configure a new failover cluster.
  • Monitor and maintain failover clusters.
  • Troubleshoot failover clusters by using various tools such as Performance Monitor, Event Viewer, and Windows PowerShell.
  • Configure and implement a stretch cluster.

Module 9: Implementing failover clustering for Hyper-V virtual machines

This module describes integrating Hyper-V virtual machines in a clustered environment. It also explains how to implement and maintain Hyper-V virtual machines on failover clusters. Additionally, this module also explains how to configure network health protection.

• • Overview of integrating Hyper-V in Windows Server 2016 with failover clustering
  • Implementing and maintaining Hyper-V virtual machines on failover clusters
  • Key features for virtual machines in a clustered environment

After completing this module, students will be able to:

• • Explain the integration of Hyper-V in Windows Server 2016 with failover clustering.
  • Implement and maintain Hyper-V virtual machines on failover clusters.
  • Describe and configure network health protection.

Module 10: Implementing Network Load Balancing

This module provides an overview of NLB clusters. It also explains how to plan and configure an NLB cluster implementation.

• • Overview of NLB clusters
  • Configuring an NLB cluster
  • Planning an NLB implementation

After completing this module, students will be able to:

• • Describe NLB and how it works.
  • Configure an NLB cluster.
  • Describe the considerations for implementing NLB.

Module 11: Creating and managing deployment images

This module provides an introduction to deployment images. It also explains how to create and manage deployment images by using the Microsoft Deployment Toolkit (MDT). Additionally, it explains how to evaluate an organization’s requirements for server virtualization.

• • Introduction to deployment images
  • Creating and managing deployment images by using MDT
  • Virtual machine environments for different workloads

After completing this module, students will be able to:

• • Explain the purpose of deployment images and the tools that you use to deploy and maintain them.
  • Implement and manage deployment images by using MDT.
  • Evaluate their organization’s requirements for server virtualization.

Module 12: Managing, monitoring, and maintaining virtual machine installations

This module provides an overview on WSUS and explains the deployment options. It explains how to update management process with WSUS and also how to use Performance Monitor. Additionally, this module also provides an overview of PowerShell Desired State Configuration (DSC) and Windows Server 2016 monitoring tools. Finally, this module describes how to use Performance Monitor and monitor Event Logs.

• • WSUS overview and deployment options
  • Update management process with WSUS
  • Overview of PowerShell DSC
  • Overview of Windows Server 2016 monitoring tools
  • Using Performance Monitor
  • Monitoring Event Logs

After completing this module, students will be able to:

• • Describe the purpose of Windows Server Update Services (WSUS) and the requirements to implement WSUS.
  • Manage the update process with WSUS.
  • Describe the purpose and benefits of PowerShell DSC.
  • Describe the monitoring tools available in Windows Server 2016.
  • Describe how to use Performance Monitor.
  • Describe how to manage event logs.

Microsoft Course 20741

Exam 70-741: This course provides the fundamental networking skills required to deploy and support Windows Server 2016 in most organizations. It covers IP fundamentals, remote access technologies, and more advanced content including software defined networking.

Audience profile

This course is intended for existing IT professionals who have some networking knowledge and experience and are looking for a single course that provides insight into core and advanced networking technologies in Windows Server 2016. This audience would typically include:

• • Network administrators who are looking to reinforce existing skills and learn about new networking technology changes and functionality in Windows Server 2016.
  • System or Infrastructure Administrators with general networking knowledge who are looking to gain core and advanced networking knowledge and skills on Windows Server 2016.

The secondary audience for this course is those IT professionals who are looking to take the MCSA 70-741: Networking with Windows Server 2016 exam.

At course completion

After completing this course, students will be able to:

• • Plan and implement an IPv4 network.
  • Implement Dynamic Host Configuration Protocol (DHCP).
  • Implement IPv6.
  • Implement Domain Name System (DNS).
  • Implement and manage IP address management (IPAM).
  • Plan for remote access.
  • Implement DirectAccess.
  • Implement virtual private networks (VPNs).
  • Implement networking for branch offices.
  • Configure advanced networking features.
  • Implement software defined networking.

Prerequisites

In addition to professional experience, students who attend this training should already have the following technical knowledge:

• • Experience working with Windows Server 2008 or Windows Server 2012
  • Experience working in a Windows Server infrastructure enterprise environment
  • Knowledge of the Open Systems Interconnection (OSI) model
  • Understanding of core networking infrastructure components and technologies such as cabling, routers, hubs, and switches
  • Familiarity with networking topologies and architectures such as local area networks (LANs), wide area networks (WANs) and wireless networking
  • Some basic knowledge of the TCP/IP protocol stack, addressing and name resolution
  • Experience with and knowledge of Hyper-V and virtualization
  • Hands-on experience working with the Windows client operating systems such as Windows 8.1 or Windows 10

Course Outline

Module 1: Planning and implementing an IPv4 network

This module explains how to plan and implement an IPv4 addressing scheme to support organizational needs. This module also explains how to use fundamental networking tools and techniques to configure and troubleshoot IPv4-based networks.

• • Planning IPv4 addressing
  • Configuring an IPv4 host
  • Managing and troubleshooting IPv4 network connectivity

After completing this module, students will be able to:

• • Plan IPv4 addressing.
  • Configure an IPv4 host.
  • Manage and troubleshoot IPv4 network connectivity.

Module 2: Implementing DHCP

This module explains how to plan and implement DHCP to support the IPv4 infrastructure.

• • Overview of the DHCP server role
  • Deploying DHCP
  • Managing and troubleshooting DHCP

After completing this module, students will be able to:

• • Explain the DHCP server role.
  • Deploy DHCP.
  • Manage and troubleshoot DHCP.

Module 3: Implementing IPv6

This module explains how to implement IPv6, and how to integrate IPv6 and IPv4 networks.

• • Overview of IPv6 addressing
  • Configuring an IPv6 host
  • Implementing IPv6 and IPv4 coexistence
  • Transitioning from IPv4 to IPv6

After completing this module, students will be able to:

• • Describe the features and benefits of IPv6.
  • Configure an IPv6 host.
  • Implement the coexistence between IPv4 and IPv6 networks.
  • Transition from an IPv4 network to an IPv6 network.

Module 4: Implementing DNS

This module explains how to install, configure, and troubleshoot DNS within the organization’s network.

• • Implementing DNS servers
  • Configuring zones in DNS
  • Configuring name resolution between DNS zones
  • Configuring DNS integration with Active Directory Domain Services (AD DS)
  • Configuring advanced DNS settings

After completing this module, students will be able to:

• • Implement DNS servers.
  • Configure zones in DNS.
  • Configure name resolution between DNS zones.
  • Configure DNS integration with AD DS.
  • Configure advanced DNS settings.

Module 5: Implementing and managing IPAM

This module explains how to implement and manage the IPAM feature in Windows Server 2016. This module also explains how to use IPAM to manage services such as DHCP and DNS.

• • IPAM overview
  • Deploying IPAM
  • Managing IP address spaces by using IPAM

After completing this module, students will be able to:

• • Describe IPAM functionality and components.
  • Deploy IPAM.
  • Manage IP address spaces by using IPAM.

Module 6: Remote access in Windows Server 2016

This module explains how to plan for remote access in Windows Server 2016 and how to implement Web Application Proxy.

• • Remote access overview
  • Implementing Web Application Proxy

After completing this module, students will be able to:

• • Describe remote access.
  • Implement Web Application Proxy.

Module 7: Implementing DirectAccess

This module explains how to implement and manage DirectAccess in Windows Server 2016.

• • Overview of DirectAccess
  • Implementing DirectAccess by using the Getting Started Wizard
  • Implementing and managing an advanced DirectAccess infrastructure

After completing this module, students will be able to:

• • Explain DirectAccess and how it works.
  • Implement DirectAccess by using the Getting Started Wizard.
  • Implement and manage an advanced DirectAccess infrastructure.

Module 8: Implementing VPNs

This module explains how to implement and manage remote access in Windows Server 2016 by using VPNs.

• • Planning VPNs
  • Implementing VPNs

After completing this module, students will be able to:

• • Plan for VPNs.
  • Implement VPNs.

Module 9: Implementing networking for branch offices

This module explains how to implement network services for branch offices.

• • Networking features and considerations for branch offices
  • Implementing Distributed File System (DFS) for branch offices
  • Implementing BranchCache for branch offices

After completing this module, students will be able to:

• • Describe the networking features and considerations for branch offices.
  • Implement DFS for branch offices.
  • Implement BranchCache for branch offices.

Module 10: Configuring advanced networking features

This module explains how to implement an advanced networking infrastructure.

• • Overview of high performance networking features
  • Configuring advanced Hyper-V networking features

After completing this module, students will be able to:

• • Describe high performance networking features.
  • Configure advanced Hyper-V networking features.

Module 11: Implementing software defined networking

This module explains how to implement software defined networking.

• • Overview of software defined networking
  • Implementing network virtualization
  • Implementing Network Controller

After completing this module, students will be able to:

• • Describe software defined networking.
  • Implement network virtualization.
  • Implement Network Controller.

Microsoft Course 20742

Exam 70-742: This course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD DS) in a distributed environment, how to implement Group Policy, how to perform backup and restore, and how to monitor and troubleshoot Active Directory-related issues with Windows Server 2016. Additionally, this course teaches how to deploy other Active Directory server roles such as Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS).

Audience profile

This course is primarily intended for existing IT professionals who have some AD DS knowledge and experience and who aim to develop knowledge about identity and access technologies in Windows Server 2016. This would typically include:

• • AD DS administrators who are looking to train in identity and access technologies with Windows Server 2012 or Windows Server 2016.
  • System or infrastructure administrators with general AD DS experience and knowledge who are looking to cross-train in core and advanced identity and access technologies in Windows Server 2012 or Windows Server 2016.

The secondary audience for this course includes IT professionals who are looking to consolidate their knowledge about AD DS and related technologies, in addition to IT professionals who want to prepare for the 70-742 exam.

At course completion

After completing this course, students will be able to:

• • Install and configure domain controllers.
  • Manage objects in AD DS by using graphical tools and Windows PowerShell.
  • Implement AD DS in complex environments.
  • Implement AD DS sites, and configure and manage replication.
  • Implement and manage Group Policy Objects (GPOs).
  • Manage user settings by using GPOs.
  • Secure AD DS and user accounts.
  • Implement and manage a certificate authority (CA) hierarchy with AD CS.
  • Deploy and manage certificates.
  • Implement and administer AD FS.
  • Implement and administer Active Directory Rights Management Services (AD RMS).
  • Implement synchronization between AD DS and Azure AD.
  • Monitor, troubleshoot, and establish business continuity for AD DS services.

Prerequisites

Before attending this course, students must have:

• • Some exposure to and experience with AD DS concepts and technologies in Windows Server 2012 or Windows Server 2016.
  • Experience working with and configuring Windows Server 2012 or Windows Server 2016
  • Experience and an understanding of core networking technologies such as IP addressing, name resolution, and Dynamic Host Configuration Protocol (DHCP).
  • Experience working with and an understanding of Microsoft Hyper-V and basic server virtualization concepts.
  • An awareness of basic security best practices.
  • Hands-on working experience with Windows client operating systems such as Windows 7, Windows 8, Windows 8.1, or Windows 10.
  • Basic experience with the Windows PowerShell command-line interface.

Course Outline

Module 1: Installing and configuring DCs

This module describes features of AD DS and how to install domain controllers (DCs). It also covers the considerations for deploying DCs.

• • Overview of AD DS
  • Overview of AD DS DCs
  • Deploying DCs

After completing this module, students will be able to:

• • Describe AD DS and its main components.
  • Describe the purpose of DCs and the roles that a DC can hold.
  • Describe the considerations for deploying DCs.

Module 2: Managing objects in AD DS

This module describes how to use various techniques to manage objects in AD DS. This includes creating and configuring user, group, and computer objects.

• • Managing user accounts
  • Managing groups in AD DS
  • Managing computer accounts
  • Using Windows PowerShell for AD DS administration
  • Implementing and managing organizational units

After completing this module, students will be able to:

• • Describe and perform various techniques to manage user accounts.
  • Manage groups in AD DS.
  • Manage computers in AD DS.
  • Use Windows PowerShell to manage AD DS more efficiently.
  • Delegate permission to perform AD DS administration.

Module 3: Advanced AD DS infrastructure management

This module describes how to plan and implement an AD DS deployment that includes multiple domains and forests. The module provides an overview of the components in an advanced AD DS deployment, the process of implementing a distributed AD DS environment, and the procedure for configuring AD DS trusts.

• • Overview of advanced AD DS deployments
  • Deploying a distributed AD DS environment
  • Configuring AD DS trusts

After completing this module, students will be able to:

• • Describe the components of an advanced AD DS deployment.
  • Implement a distributed AD DS environment.
  • Configure AD DS trusts.

Module 4: Implementing and administering AD DS sites and replication

This module describes how to plan and implement an AD DS deployment that includes multiple locations. The module explains how replication works in a Windows Server 2016 AD DS environment.

• • Overview of AD DS replication
  • Configuring AD DS sites
  • Configuring and monitoring AD DS replication

After completing this module, students will be able to:

• • Describe how replication works in a Windows Server 2012 AD DS environment.
  • Configure AD DS sites to optimize AD DS network traffic.
  • Configure and monitor AD DS replication.

Module 5: Implementing Group Policy

This module describes how to implement a GPO infrastructure. The module provides an overview of the components and technologies that compose the Group Policy framework.

• • Introducing Group Policy
  • Implementing and administering GPOs
  • Group Policy scope and Group Policy processing
  • Troubleshooting the application of GPOs

After completing this module, students will be able to:

• • Describe the components and technologies that compose the Group Policy framework.
  • Configure and understand a variety of policy setting types.
  • Scope GPOs by using links, security groups, Windows Management Instrumentation (WMI) filters, loopback processing, and preference targeting.
  • Troubleshoot the application of GPOs.

Module 6: Managing user settings with GPOs

This module describes how to configure Group Policy settings and Group Policy preferences. This includes implementing administrative templates, configuring folder redirection and scripts, and configuring Group Policy preferences.

• • Implementing administrative templates
  • Configuring Folder Redirection and scripts
  • Configuring Group Policy preferences

After completing this module, students will be able to:

• • Describe administrative templates.
  • Configure Folder Redirection and scripts.
  • Configure GPO preferences.

Module 7: Securing AD DS

This module describes how to configure domain controller security, account security, password security, and Group Managed Service Accounts (gMSA).

• • Securing domain controllers
  • Implementing account security
  • Audit authentication
  • Configuring managed service accounts (MSAs)

After completing this module, students will be able to:

• • Secure domain controllers.
  • Implement password and lockout policies.
  • Configure authentication auditing and examine the resulting audit log.
  • Configure gMSAs.

Module 8: Deploying and managing AD CS

This module describes how to implement an AD CS deployment. This includes deploying, administering, and troubleshooting CAs.

• • Deploying CAs
  • Administering CAs
  • Troubleshooting and maintaining CAs

After completing this module, students will be able to:

• • Plan and implement an AD CS CA infrastructure.
  • Administer CAs.
  • Troubleshoot and maintain CAs.

Module 9: Deploying and managing certificates

This module describes how to deploy and manage certificates in an AD DS environment. This involves deploying and managing certificate templates, managing certificate revocation and recovery, using certificates in a business environment, and implementing smart cards.

• • Deploying and managing certificate templates
  • Managing certificate deployment, revocation, and recovery
  • Using certificates in a business environment
  • Implementing and managing smart cards

After completing this module, students will be able to:

• • Plan and implement a certificate template deployment by using an AD CS CA.
  • Describe and perform certificate enrollment, revocation, and recovery.
  • Describe and use certificates in business environments.
  • Describe how to use certificates with smart cards.

Module 10: Implementing and administering AD FS

This module describes AD FS and how to configure AD FS in a single-organization scenario and in a partner-organization scenario.

• • Overview of AD FS
  • AD FS requirements and planning
  • Deploying and configuring AD FS
  • Overview of Web Application Proxy

After completing this module, students will be able to:

• • Describe identity federation business scenarios and how AD FS can address them.
  • Configure AD FS prerequisites and plan AD FS services.
  • Implement AD FS to enable single sign-on (SSO) in various scenarios.
  • Describe Web Application Proxy.

Module 11: Implementing and administering AD RMS

This module describes how to implement an AD RMS deployment. The module provides an overview of AD RMS, explains how to deploy and manage an AD RMS infrastructure, and explains how to configure AD RMS content protection.

• • Overview of AD RMS
  • Deploying and managing an AD RMS infrastructure
  • Configuring AD RMS content protection

After completing this module, students will be able to:

• • Describe AD RMS and how it can help protect content.
  • Deploy and manage an AD RMS infrastructure.
  • Configure content protection by using AD RMS.

Module 12: Implementing AD DS synchronization with Azure AD

This module describes how to plan and configure directory syncing between Microsoft Azure Active Directory (Azure AD) and on-premises AD DS. The modules describes various sync scenarios, such as Azure AD sync, AD FS and Azure AD, and Azure AD Connect.

• • Planning and preparing for directory synchronization
  • Implementing directory synchronization by using Azure AD Connect
  • Managing identities with directory synchronization

After completing this module, students will be able to:

• • Plan and prepare for the deployment of directory synchronization.
  • Configure directory synchronization by using Azure AD Connect.
  • Manage identities after deploying directory synchronization.

Module 13: Monitoring, managing, and recovering AD DS

This module describes how to monitor, manage, and maintain AD DS to help achieve high availability of AD DS.

• • Monitoring AD DS
  • Managing the AD DS database
  • Recovering AD DS objects

After completing this module, students will be able to:

• • Monitor AD DS.
  • Manage the AD DS database.
  • Perform AD DS backup and restore operations, and to recover deleted objects from AD DS. [ back to top ]

Microsoft Course 20744

Exam 70-744: This course teaches IT professionals how they can enhance the security of the IT infrastructure that they administer. This course begins by emphasizing the importance of assuming that network breaches have occurred already, and then teaches you how to protect administrative credentials and rights to help ensure that administrators can perform only the tasks that they need to, when they need to.

This course explains how you can use auditing and the Advanced Threat Analysis feature in Windows Server 2016 to identify security issues. You will also learn how to mitigate malware threats, secure your virtualization platform, and use deployment options such as Nano server and containers to enhance security. The course also explains how you can help protect access to files by using encryption and dynamic access control, and how you can enhance your network’s security.

Audience profile

This course is for IT professionals who need to securely administer Windows Server 2016 networks. These professionals typically work with networks that are configured as Windows Server domain-based environments, with managed access to the internet and cloud services.

Students who seek certification in the 70-744 Securing Windows server exam also will benefit from this course.

At course completion

After completing this course, students will be able to:

• • Secure Windows Server.
  • Protect credentials and implement privileged access workstations.
  • Limit administrator rights with Just Enough Administration.
  • Manage privileged access.
  • Mitigate malware and threats.
  • Analyze activity with advanced auditing and log analytics.
  • Deploy and configure Advanced Threat Analytics and Microsoft Operations Management Suite.
  • Configure Guarded Fabric virtual machines (VMs).
  • Use the Security Compliance Toolkit (SCT) and containers to improve security.
  • Plan and protect data.
  • Optimize and secure file services.
  • Secure network traffic with firewalls and encryption.
  • Secure network traffic by using DNSSEC and Message Analyzer.

Prerequisites

Students should have at least two years of experience in the IT field and should have:

• • Completed courses 740, 741, and 742, or the equivalent.
  • A solid, practical understanding of networking fundamentals, including TCP/IP, User Datagram Protocol (UDP), and Domain Name System (DNS).
  • A solid, practical understanding of Active Directory Domain Services (AD DS) principles.
  • A solid, practical understanding of Microsoft Hyper-V virtualization fundamentals.
  • An understanding of Windows Server security principles.

Course Outline

Module 1: Attacks, breach detection, and Sysinternals tools

This module frames the course so that students are thinking about security in environments where the infrastructure’s basis is predominantly Microsoft products. The module begins with teaching students about the “assume breach” philosophy and getting them to understand the different types of attacks that can occur, including attack timelines and vectors. Additionally, it gets students thinking about key resources, how they respond when they detect an incident, and how an organization’s direct needs and legislative requirements dictate its security policy.

• • Understanding attacks
  • Detecting security breaches
  • Examining activity with the Sysinternals tools

After completing this module, students will be able to:

• • Describe the types of attacks that can occur.
  • Explain how to detect security breaches.
  • Explain how to examine activity by using the Sysinternals suite of tools.

Module 2: Protecting credentials and privileged access

This module covers user accounts and rights, computer and service accounts, credentials, Privileged Access Workstations, and the Local Administrator Password Solution. In this module, students will learn about configuring user rights and security options, protecting credentials by using Credential Guard, implementing Privileged Access Workstations, and managing and deploying Local Administrator Password Solution to manage local administrator account passwords.

• • Understanding user rights
  • Computer and service accounts
  • Protecting credentials
  • Privileged Access Workstations and jump servers
  • Local administrator password solution

After completing this module, students will be able to:

• • Configure user rights.
  • Implement computer and service accounts.
  • Protect credentials.
  • Describe how to configure Privileged Access Workstations and jump servers.
  • Configure the Local Administrator Password Solution (LAPS).

Module 3: Limiting administrator rights with Just Enough Administration

This module explains how to deploy and configure Just Enough Administration (JEA), which is an administrative technology that allows students to apply role-based access control (RBAC) principles through Windows PowerShell remote sessions.

• • Understanding JEA
  • Verifying and deploying JEA

After completing this module, students will be able to:

• • Understand JEA.
  • Verify and deploy JEA.

Module 4: Privileged access management and administrative forests

This module explains the concepts of Enhanced Security Administrative Environment (ESAE) forests, Microsoft Identity Manager (MIM), and Just In Time (JIT) Administration, or Privileged Access Management (PAM).

• • ESAE forests
  • Overview of Microsoft Identity Manager
  • Overview of JIT administration and PAM

After completing this module, students will be able to:

• • Describe ESAE forests.
  • Describe MIM.
  • Understand JIT administration and PAM.

Module 5: Mitigating malware and threats

This module explains how to use tools such as Windows Defender, Windows AppLocker, Microsoft Device Guard, Windows Defender Application Guard, and Windows Defender Exploit Guard.

• • Configuring and managing Windows Defender
  • Restricting software
  • Configuring and using the Device Guard feature

After completing this module, students will be able to:

• • Configure and manage Windows Defender.
  • Use software restriction policies and AppLocker.
  • Configure and use the Device Guard feature.

Module 6: Analyzing activity with advanced auditing and log analytics

This module provides an overview of auditing, and then goes into detail about how to configure advanced auditing and Windows PowerShell auditing and logging.

• • Overview of auditing
  • Advanced auditing
  • Windows PowerShell auditing and logging

After completing this module, students will be able to:

• • Describe auditing.
  • Understand advanced auditing.
  • Configure Windows PowerShell auditing and logging.

Module 7: Deploying and configuring Advanced Threat Analytics and Microsoft Operations Management Suite

This module explains the Microsoft Advanced Threat Analytics tool and the Microsoft Operations Management suite (OMS). It also explains how you can use them to monitor and analyse the security of a Windows Server deployment. You will also learn about Microsoft Azure Security Center, which allows you to manage and monitor the security configuration of workloads both on-premises and in the cloud.

• • Deploying and configuring ATA
  • Deploying and configuring Microsoft Operations Management Suite
  • Deploying and configuring Azure Security Center

After completing this module, students will be able to:

• • Deploy and configure ATA.
  • Deploy and configure Microsoft Operations Management Suite.
  • Deploy and configure Azure Security Center.

Module 8: Secure Virtualization Infrastructure

This module explains how to configure Guarded Fabric VMs, including the requirements for shielded and encryption-supported VMs.

• • Guarded fabric
  • Shielded and encryption-supported virtual machines

After completing this module, students will be able to:

• • Configure the guarded fabric.
  • Describe shielded and encryption-supported VMs.

Module 9: Securing application development and server-workload infrastructure

This module describes the SCT, which is a free, downloadable set of tools that you can use to create and apply security settings. You will also learn about improving platform security by reducing the size and scope of application and compute resources by containerizing workloads.

• • Using SCT
  • Understanding containers

After completing this module, students will be able to:

• • Install SCT, and create and deploy security baselines.
  • Configure Windows and Hyper-V containers in Windows Server 2016.

Module 10: Planning and protecting data

This module explains how to configure Encrypting File System (EFS) and BitLocker drive encryption to protect data at rest. You will also learn about extending protection into the cloud by using Azure Information Protection.

• • Planning and implementing encryption
  • Planning and implementing BitLocker
  • Protecting data by using Azure Information Protection

After completing this module, students will be able to:

• • Plan and implement encryption.
  • Plan and implement BitLocker.
  • Plan and implement Azure Information Protection.

Module 11: Optimizing and securing file services

This module explains how to optimize file services by configuring File Server Resource Manager (FSRM) and Distributed File System (DFS). Students also will learn how to manage access to shared files by configuring Dynamic Access Control (DAC).

• • File Server Resource Manager
  • Implementing classification and file management tasks
  • Dynamic Access Control

After completing this module, students will be able to:

• • Describe File Server Resource Manager.
  • Implement classification and file management tasks.
  • Implement Dynamic Access Control.

Module 12: Securing network traffic with firewalls and encryption

This module explains how you can use Windows Firewall as an important part of an organization’s protection strategy. It explains the use of Internet Protocol security (IPsec) to encrypt network traffic and to establish security zones on your network. You will also learn about the Datacenter Firewall feature that you can use to help protect your on-premises virtual environments.

• • Understanding network-related security threats
  • Understanding Windows Firewall with Advanced Security
  • Configuring IPsec
  • Datacenter Firewall

After completing this module, students will be able to:

• • Describe network-related security threats and how to mitigate them.
  • Configure Windows Firewall with Advanced Security.
  • Configure IPsec.
  • Describe Datacenter Firewall.

Module 13: Securing network traffic

This module explores some of the Windows Server 2016 technologies that you can use to help mitigate network-security threats. It explains how you can configure DNSSEC to help protect network traffic, and use Microsoft Message Analyzer to monitor network traffic. The module also describes how to secure Server Message Block (SMB) traffic.

• • Configuring advanced DNS settings
  • Examining network traffic with Message Analyzer
  • Securing and analyzing SMB traffic

After completing this module, students will be able to:

• Configure advanced DNS settings.
• Use the Message Analyzer.
• Secure SMB traffic.