In this module, you will focus on how to improve the network security for Windows Server infrastructure as a service (IaaS) virtual machines (VMs) and how to diagnose network security issues with those VMs.


Contoso is a medium-size financial services company in London with a branch office in New York. Most of its compute environment runs on-premises on Windows Server. This includes virtualized workloads on Windows Server 2012 R2 hosts. Contoso IT staff are in the process of migrating Contoso servers to Windows Server 2019.

Contoso’s IT director realizes that Contoso has an outdated operational model with limited automation and reliance on dated technology. The Contoso IT Engineering team has started exploring Azure capabilities. They want to determine whether Azure services might assist with modernizing the current operational model through automation and virtualization.

As part of the initial design, the Contoso IT team asked you, their lead system engineer and server administrator, to set up a proof of concept environment. This environment must verify whether Azure services can help to modernize the IT infrastructure and meet business goals.

In particular, the Contoso Information Security and Compliance team expressed concerns about possible risks introduced by migrating on-premises workloads to Azure.

In this module, you'll learn how to implement Network Security Groups (NSGs), adaptive network hardening, and Azure Firewall. You'll learn how to choose an appropriate network traffic filtering solution, and how to log traffic with Network Watcher.

Learning objectives

After completing this module, you will be able to:

  • Implement NSGs with Windows Server IaaS VMs.
  • Implement adaptive network hardening.
  • Implement Azure Firewall.
  • Implement Windows Defender Firewall in Windows Server IaaS VMs.
  • Choose an appropriate filtering solution.
  • Capture network traffic with Network Watcher.


To get the best learning experience from this module, it's important that you have knowledge and experience of the following areas:

  • Managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, Distributed File System (DFS), Microsoft Hyper-V, and file and storage services.
  • Common Windows Server management tools.
  • Core Microsoft compute, storage, networking, and virtualization technologies.
  • Implementing and managing IaaS services in Microsoft Azure.
  • Azure Active Directory (Azure AD).
  • Security-related technologies (firewalls, encryption, multi-factor authentication).
  • Windows PowerShell scripting.
  • Automation and monitoring.