Windows Server 的安全性和保證Security and Assurance in Windows Server

適用於:Windows Server (半年通道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

提示

尋找舊版 Windows Server 的相關資訊嗎?Looking for information about older versions of Windows Server? 請查看我們其他位於 docs.microsoft.com 的 Windows Server 文件庫。您也可以搜尋這個網站以取得特定資訊。Check out our other Windows Server libraries on docs.microsoft.com. You can also search this site for specific information.

Icon representing a lock 您可以依賴內建於作業系統的多層新防護功能,以進一步防範安全性缺口。You can rely on new layers of protection built into the operating system to further safeguard against security breaches. 協助阻擋惡意攻擊,並加強虛擬機器、應用程式和資料的安全性。Help block malicious attacks and enhance the security of your virtual machines, applications, and data.

Windows Server 2016 安全性部落格文章Windows Server 2016 Security Blog Post

這篇來自 Windows Server 安全性團隊的部落格文章針對 Windows Servers 2016 中的許多改進做出重點介紹,這些改進可提升託管與混合式雲端環境的安全性。This blog post from the Windows Server security team highlights many of the improvements in Windows Servers 2016 that increase security for hosting and hybrid cloud environments.

資料中心和私人雲端安全性部落格Datacenter and Private Cloud Security Blog

這是來自 Microsoft 資料中心和私人雲端安全性團隊之技術性內容的主要部落格網站。This is the central blog site for technical content from the Microsoft Datacenter and Private Cloud Security team.

解決新興威脅和情勢轉移Addressing emerging threats and landscape shifts

在這段 6 分鐘的影片中,Anders Vinberg 會提供 Microsoft 的安全性和保證策略概觀,並討論與安全性有關的產業趨勢和情勢轉移。In this 6-minute video, Anders Vinberg provides an overview of Microsoft's security and assurance strategy, and discusses industry trends and landscape shifts as they relate to security. 接著專注在 Microsoft 針對保護工作負載免於基礎網狀架構影響,以及防範來自特殊權限帳戶的直接攻擊的重點計畫。He then focuses on Microsoft's key initiatives to protect workloads from the underlying fabric, and protect against direct attacks from privileged accounts. 最後說明當入侵發生時,新的偵測和鑑識功能會如何更有效地找出威脅。Finally, in case of breach, he explains how new detection and forensic capabilities can help better identify the threat.

保護您的資料中心和雲端免於新興威脅部落格文章Protecting Your Datacenter and Cloud from Emerging Threats blog post

本部落格文章討論如何使用 Microsoft 技術保護您的資料中心和雲端投資免於新興威脅。This blog post discusses how you can use Microsoft technologies to protect your datacenter and cloud investments from emerging threats.

Ignite 的安全性和保證概觀研討會Security and Assurance Overview session at Ignite

此 Ignite 講習將針對持續的威脅、內部人士資料外洩、有組織的網路犯罪,以及保護 Microsoft Cloud 平台 (搭配 Azure 的內部部署與已連線服務) 的安全進行討論。This Ignite session addresses persistent threats, insider breaches, organized cybercrime, and securing the Microsoft Cloud Platform (on-premises and connected services with Azure). 它包含了保護工作負載、大型企業租用戶,以及服務提供者之安全的案例。It includes scenarios for securing workloads, large enterprise tenants, and service providers.

透過受防護的 VM 保護虛擬化Secure virtualization with Shielded VMs

Channel 9 中的受防護 VMShielded VM in Channel 9

受防護的 VM 技術和優點逐步解說A walkthrough of Shielded VM technology and benefits

受防護的 VM 示範Shielded VM Demo

這段 4 分鐘的影片說明受防護 VM 的價值,以及受防護 VM 和不受防護 VM 之間的差異。This 4-minute video describes the value of shielded VMs and the differences between a shielded VM and a non-shielded VM.

[Windows Server 中受防護的虛擬機器影片逐步解說Shielded Virtual Machines in Windows Server video walkthrough](http://microsoft-cloud.cloudguides.com/Guides/Shielded Virtual Machines in Windows Server.htm)

此影片逐步解說示範「主機守護者服務」如何啟用受防護的虛擬機器,以防機密資料受到 Hyper-V 主機系統管理員未經授權的存取。This video walkthrough shows how the Host Guardian Service enables shielded virtual machines so that sensitive data is protected from unauthorized access by Hyper-V host administrators.

強化網狀架構︰保護 Hyper-V 中的租用戶密碼 (Ignite 影片)Harden the Fabric: Protecting Tenant Secrets in Hyper-V (Ignite Video)

此 Ignite 簡報將討論 Hyper-V、Virtual Machine Manager 中的增強功能,以及一個能啟用受防護 VM 的新守護者伺服器角色。This Ignite presentation discusses enhancements in Hyper-V, Virtual Machine Manager, and a new Guardian Server role to enable shielded VMs.

受防護網狀架構部署指南Guarded Fabric Deployment Guide

本指南針對受防護網狀架構主機和受防護的 VM,提供 Windows Server 及 System Center Virtual Machine Manager 的安裝和驗證資訊。This guide provides installation and validation information for Windows Server and System Center Virtual Machine Manager for Guarded Fabric Hosts and Shielded VMs.

受防護的 VM 和受防護網狀架構作業指南Shielded VM and Guarded Fabric Operations Guide

本指南針對如何設定受防護的 VM 環境 (包括受防護主機和租用戶的特定資訊),提供最佳作法和建議。This guide provides best practices and recommendations for how to configure your Shielded VM environment, including information specific to Guarded Hosts and tenants.

受防護的 VM 與受防護網狀架構疑難排解指南Shielded VM and Guarded Fabric Troubleshooting Guide

本指南提供解決您在受防護 VM 環境可能會遇到之問題的資訊。This guide provides information about how to resolve issues you may encounter in your Shielded VM environment.

受防護的 VM 文章Shielded VM Article

此白皮書所提供的概觀,說明受防護的 VM 如何提供更強大的整體安全性以避免竄改。This white paper provides an overview of how shielded VMs provide increased overall security to prevent tampering.

Privileged Access ManagementPrivileged Access Management

保護特殊權限存取Securing Privileged Access

說明如何保護特殊權限存取的藍圖。A road-map for how you can secure your privileged access. 此藍圖是結合伺服器安全性團隊、Microsoft IT、Azure 團隊和 Microsoft 諮詢服務的專業知識建置而成This road-map is built based on the combined expertise of the server security team, Microsoft IT, Azure team and the Microsoft Consulting Services

Microsoft Identity Manager 的 Just in Time AdministrationJust in Time Administration with Microsoft Identity Manager

本文討論 Microsoft Identity Manager 中隨附的特性和功能,包括 Just In Time (JIT) 特殊權限存取管理的支援。This article discusses features and capabilities included in Microsoft Identity Manager, including support for Just In Time (JIT) Privileged Access Management.

使用特殊權限存取管理保護 Windows 和 Microsoft Azure Active DirectoryProtecting Windows and Microsoft Azure Active Directory with Privileged Access Management

此 Ignite 簡報將涵蓋 Microsoft 在 Windows Server、PowerShell、Active Directory、Identity Manager 和 Azure Active Directory 中的策略與投資,以便透過更強大的驗證功能,以及使用 Just in Time 和 Just Enough Administration (JEA) 管理存取權,來解決系統管理員存取的風險。This Ignite presentation covers Microsoft's strategy and investments in Windows Server, PowerShell, Active Directory, Identity Manager, and Azure Active Directory for addressing the risks of administrator access through stronger authentication, and managing access using Just in Time and Just Enough Administration (JEA).

Just Enough Administration 文章Just Enough Administration Article

本文將分享 Just Enough Administration 的願景和技術詳細資料。這是一個 PowerShell 工具組,其設計可協助組織將操作員限制為僅具備執行特定工作所需的存取權,藉以降低風險。This document shares the vision and technical details of Just Enough Administration, a PowerShell toolkit designed to help organizations reduce risk by restricting operators to the only access required to perform specific tasks.

Just Enough Administration 示範影片Just Enough Administration demo video

Just Enough Administration 示範逐步解說Just Enough Administration demo walk through

認證保護Credential Protection

使用 Credential Guard 保護衍生的網域認證Protect derived domain credentials with Credential Guard

Credential Guard 使用以虛擬化為基礎的安全性來隔離機密資料,使得只有特殊權限的系統軟體可以存取這些資料。Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. 對這些密碼的未經授權存取會導致認證竊取攻擊,例如傳遞雜湊 (Pass-the-Hash) 或傳遞票證 (Pass-The-Ticket)。Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard 可透過保護 NTLM 密碼雜湊和 Kerberos 票證授權票證來防止這些攻擊。Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.

使用 Remote Credential Guard 保護遠端桌面認證Protect Remote Desktop credentials with Remote Credential Guard

Remote Credential Guard 可協助您將 Kerberos 要求重新導向回要求連線的裝置,藉以透過遠端桌面連線保護您的認證。Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. 它也會針對遠端桌面工作階段,提供單一登入體驗。It also provides single sign on experiences for Remote Desktop sessions. |

Credential Guard 示範影片Credential Guard demo video

這段 5 分鐘的影片示範 Credential Guard 和 Remote Credential GuardThis 5-minute video demos Credential Guard and Remote Credential Guard

強化作業系統和應用程式Hardening the OS and applications

Device Guard 部署指南Device Guard Deployment Guide

Device Guard 結合企業相關的軟硬體安全性功能,將這些功能一起設定時將會鎖定裝置,使該裝置只能執行您在程式碼完整性中定義的受信任應用程式。Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity.

Device Guard 示範影片Device Guard demo video

這段 7 分鐘的影片呈現 Device Guard 及其在 Windows Server 2016 上的使用方式This 7-minute video presents Device Guard and its usage on Windows Server 2016

控制流程防護Control Flow Guard

控制流程防護提供內建防護功能,以防範某些類別的記憶體損毀攻擊。Control Flow Guard provides built-in protection against some classes of memory corruption attacks.

Windows DefenderWindows Defender

Windows Defender 提供主動式偵測功能來封鎖已知的惡意程式碼。Windows Defender provides active detection capabilities to block known malware. Windows Defender 預設會開啟並最佳化,以支援 Windows Server 2016 上的各種伺服器角色。Windows Defender is turned on by default and is optimized to support the various server roles in Windows Server 2016.

偵測及回應威脅Detecting and Responding to Threats

使用 Microsoft Operations Management Suite 的安全性威脅分析Security Threat Analysis Using Microsoft Operations Management Suite

此 Ignite 簡報將討論如何使用 Operational Insights 執行安全性威脅分析。This Ignite presentation discusses how you can use Operational Insights to perform security threat analysis.

Microsoft Operations Management Suite (OMS)Microsoft Operations Management Suite (OMS)

Microsoft Operations Management Suite (OMS) 安全性和稽核解決方案可處理內部部署和雲端環境中的安全性記錄檔及防火牆事件,以分析並偵測惡意行為。The Microsoft Operations Management Suite (OMS) Security and Audit solution processes security logs and firewall events from on-premises and cloud environments to analyze and detect malicious behavior.

OMS 和 Windows ServerOMS and Windows Server

這段 3 分鐘的影片示範 OMS 如何協助偵測 Windows Server 所封鎖的潛在惡意行為。This 3-minute video shows how OMS can help detect potential malicious behavior that is blocked by Windows Server.

Microsoft 進階威脅分析Microsoft Advanced Threat Analytics

本部落格文章將討論 Microsoft 進階威脅分析。這是一個內部部署產品,可使用 Active Directory 網路流量和 SIEM 資料,來探索潛在威脅並發出警示。This blog post discusses Microsoft Advanced Threat Analytics, an on-premises product that uses Active Directory network traffic and SIEM data to discover and alert on potential threats.

Microsoft 進階威脅分析Microsoft Advanced Threat Analytics

這個 3 分鐘的影片呈現 Microsoft 如何在 Windows Server 中新增威脅分析功能的概觀。This 3-minute video presents an overview of how Microsoft is adding threat analytics capabilities in Windows Server. |

網路安全性Network Security

資料中心防火牆概觀Datacenter Firewall Overview

此概觀將討論資料中心防火牆,這是一個網路層、5-Tuple (通訊協定、來源和目的地連接埠號碼,以及來源和目的地 IP 位址)、可設定狀態、多租用戶的防火牆。This overview discusses Datacenter Firewall, a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall.

Windows Server DNS 的新功能What's New in DNS in Windows Server

此概觀主題簡短說明 DNS 中的新功能,並提供詳細資訊連結。This overview topic provides brief descriptions of new capabilities in DNS, along with links for more information.

將安全性功能對應至相容性規定Mapping security features to compliance regulations

相容性是安全性功能的重要層面。Compliance is an important aspect of security features. 我們除了讓專家建議如何達成您的相容性,以及您信任的相容性顧問眼中的相容性之外,也想要提供初始對應,讓您能夠用來評估 Windows Server。We leave the expert advice on how to achieve your compliance and what compliance looks like to your trusted compliance advisers, but we also want to provide initial mapping for you to be able to use when evaluating Windows Server.