Microsoft 70-744 Securing Windows Server 2016 Study Guide


This page is a directory that links to posts I have written that cover the official objectives in Microsoft’s 70-744 Securing Windows Server 2016 exam. Basically, if you’re after detailed information on any of the exam objectives below, simply click the link for further information. I passed the exam in April 2017 with a score of 916 and started creating these posts while studying, as I found the amount of information online at the time to be lacking.

The official objectives for the 70-744 exam can be found here.

Study Materials

Below is a list of material that I am using while studying for the 70-744 exam.



Below you will find links to posts that I have created covering different areas of the 70-744 exam which will help you study for the exam.

Implement server hardening solutions (25-30%)

Secure a virtualization infrastructure (5-10%)

  • Implement a Guarded Fabric solution
    • Install and configure the Host Guardian Service (HGS)
    • Configure Admin-trusted attestation
    • Configure TPM-trusted attestation
    • Configure the Key Protection Service using HGS
    • Migrate Shielded VMs to other guarded hosts
    • Configure Nano Server as TPM attested guarded host
    • Troubleshoot guarded hosts
  • Implement Shielded and encryption-supported VMs
    • Determine requirements and scenarios for implementing Shielded VMs
    • Create a Shielded VM using only a Hyper-V environment
    • Enable and configure vTPM to allow an operating system and data disk encryption within a VM
    • Determine requirements and scenarios for implementing encryption-supported VMs
    • Troubleshoot Shielded and encryption-supported VMs

Secure a network infrastructure (10-15%)

Manage privileged identities (25-30%)

  • Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
    • Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest
    • Determine usage scenarios and requirements for implementing clean source principles in an Active Directory architecture
  • Implement Just-in-Time (JIT) Administration
    • Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager (MIM)
    • Configure trusts between production and bastion forests
    • Create shadow principals in bastion forest
    • Configure the MIM web portal
    • Request privileged access using the MIM web portal
    • Determine requirements and usage scenarios for Privileged Access Management (PAM) solutions
    • Create and implement MIM policies
    • Implement Just-in-Time administration principals using time-based policies
    • Request privileged access using Windows PowerShell
  • Implement Just-Enough-Administration (JEA)
    • Enable a JEA solution on Windows Server 2016
    • Create and configure session configuration files
    • Create and configure role capability files
    • Create a JEA endpoint
    • Connect to a JEA endpoint on a server for administration
    • View logs
    • Download WMF 5.1 to a Windows Server 2008 R2
    • Configure a JEA endpoint on a server using Desired State Configuration (DSC)
  • Implement Privileged Access Workstations (PAWs) and User Rights Assignments
    • Implement a PAWS solution
    • Configure User Rights Assignment group policies
    • Configure security options settings in Group Policy
    • Enable and configure Remote Credential Guard for remote desktop access
  • Implement Local Administrator Password Solution (LAPS)
    • Install and configure the LAPS tool
    • Secure local administrator passwords using LAPS
    • Manage password parameters and properties using LAPS

Implement threat detection solutions (15-20%)

Implement workload-specific security (5-10%)

Please note that Microsoft may update these at any time in the future, so if you find any differences please let me know.

