安全性與 Windows Server 中保證Security and Assurance in Windows Server

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Icon representing a lock 您可以依賴新作業系統進一步對抗安全性漏洞,以建置的保護層級。You can rely on new layers of protection built into the operating system to further safeguard against security breaches. 協助封鎖惡意攻擊,提升您虛擬電腦、 應用程式,以及資料的安全性。Help block malicious attacks and enhance the security of your virtual machines, applications, and data.

Windows Server 2016 安全性部落格文章Windows Server 2016 Security Blog Post

Windows Server 安全性團隊這個部落格文章重點提高安全性裝載和混合的環境雲端 Windows 伺服器 2016年中的改良功能的許多項目。This blog post from the Windows Server security team highlights many of the improvements in Windows Servers 2016 that increase security for hosting and hybrid cloud environments.

Datacenter 和私人雲端安全性部落格Datacenter and Private Cloud Security Blog

這是來自 Microsoft 的資料中心和私人雲端安全性小組技術 content 的中央部落格網站。This is the central blog site for technical content from the Microsoft Datacenter and Private Cloud Security team.

制位址新興威脅和的景致Addressing emerging threats and landscape shifts

在這個影片中 6 分鐘,下士 Vinberg 提供的 Microsoft 安全性和保證策略、 概觀討論 industry 趨勢及景致制與安全性相關。In this 6-minute video, Anders Vinberg provides an overview of Microsoft's security and assurance strategy, and discusses industry trends and landscape shifts as they relate to security. 他然後專注於工作負載保護的基礎結構,並保護個特殊權限帳號 direct 攻擊 Microsoft 金鑰的計劃。He then focuses on Microsoft's key initiatives to protect workloads from the underlying fabric, and protect against direct attacks from privileged accounts. 最後,以方便的違約,他解釋新偵測及法庭功能可協助變得更好辨識的威脅。Finally, in case of breach, he explains how new detection and forensic capabilities can help better identify the threat.

保護您的資料中心和雲端從新的威脅部落格文章Protecting Your Datacenter and Cloud from Emerging Threats blog post

這篇部落格文章將告訴您如何使用 Microsoft 技術來保護您的資料中心和雲端投資新威脅。This blog post discusses how you can use Microsoft technologies to protect your datacenter and cloud investments from emerging threats.

安全性與保證概觀工作階段 Ignite。Security and Assurance Overview session at Ignite

此 Ignite 工作階段位址持續性的威脅,測試人員破壞、 整理網路犯罪,和保護 Microsoft Cloud 平台 (先及使用 Azure 連接的服務)。This Ignite session addresses persistent threats, insider breaches, organized cybercrime, and securing the Microsoft Cloud Platform (on-premises and connected services with Azure). 它包括保障工作負載、 大型企業 tenants 及服務提供者的案例。It includes scenarios for securing workloads, large enterprise tenants, and service providers.

安全模擬不但 Vm 的Secure virtualization with Shielded VMs

第 9 頻道中的護套的 VMShielded VM in Channel 9

逐步解說不但 VM 的技術與優點A walkthrough of Shielded VM technology and benefits

護套的 VM 示範Shielded VM Demo

這段影片中 4 分鐘描述護套的 Vm 和護套的 VM 非不但 VM 不同的值。This 4-minute video describes the value of shielded VMs and the differences between a shielded VM and a non-shielded VM.

在 Windows Server 視訊逐步解說護套的虛擬電腦Shielded Virtual Machines in Windows Server video walkthrough

視訊本節顯示如何主機監護人服務可讓不但虛擬電腦,以便機密資料未經授權的存取受 HYPER-V 主機系統管理員。This video walkthrough shows how the Host Guardian Service enables shielded virtual machines so that sensitive data is protected from unauthorized access by Hyper-V host administrators.

[強化 Fabric: 保護承租人 HYPER-V 中的密碼 (在 視訊)Harden the Fabric: Protecting Tenant Secrets in Hyper-V (Ignite Video)

此 Ignite 簡報討論 HYPER-V,一樣管理員] 中的改進,以便新的監護人伺服器角色不但 Vm。This Ignite presentation discusses enhancements in Hyper-V, Virtual Machine Manager, and a new Guardian Server role to enable shielded VMs.

守護的 Fabric 部署指南Guarded Fabric Deployment Guide

本指南安裝和驗證的資訊適用於 Windows Server 和 System Center 一樣 Manager 保護 Fabric 主機和不但 Vm。This guide provides installation and validation information for Windows Server and System Center Virtual Machine Manager for Guarded Fabric Hosts and Shielded VMs.

護套的 VM 和守護的 Fabric 作業指南Shielded VM and Guarded Fabric Operations Guide

本指南提供最佳做法與建議以了解如何設定您的不但 VM 環境,包括保護主機和 tenants 的特定資訊。This guide provides best practices and recommendations for how to configure your Shielded VM environment, including information specific to Guarded Hosts and tenants.

護套的 VM 和守護的 Fabric 疑難排解指南Shielded VM and Guarded Fabric Troubleshooting Guide

本指南提供如何修正不但 VM 環境中,您可能遇到的問題的相關資訊。This guide provides information about how to resolve issues you may encounter in your Shielded VM environment.

護套的 VM 文件Shielded VM Article

此白皮書提供概觀不但 Vm 提升整體的安全性,以避免竄改。This white paper provides an overview of how shielded VMs provide increased overall security to prevent tampering.

存取特殊權限的管理Privileged Access Management

保護的存取權限Securing Privileged Access

在道路地圖的方式,您可以保護您的權限存取。A road-map for how you can secure your privileged access. 此道路對應的安全性小組伺服器、 Microsoft IT、 Azure 小組和 Microsoft 顧問服務的組合專業建置根據This road-map is built based on the combined expertise of the server security team, Microsoft IT, Azure team and the Microsoft Consulting Services

只會在時間管理的 Microsoft Id 管理員Just in Time Administration with Microsoft Identity Manager

本文會討論功能與包含在 Microsoft 的身分管理員中,包括支援只在時間 (JIT) 特殊權限存取管理功能。This article discusses features and capabilities included in Microsoft Identity Manager, including support for Just In Time (JIT) Privileged Access Management.

保護存取權限的管理的 Windows 和 Microsoft Azure Active 的 DirectoryProtecting Windows and Microsoft Azure Active Directory with Privileged Access Management

此 Ignite 簡報涵蓋 Microsoft 策略與 Windows Server、 PowerShell、 Active Directory、 管理員的身分,Azure Active Directory 中的投資的位址透過較驗證時,系統管理員存取及管理僅使用時間,只要足以管理 (JEA) 的存取權的風險。This Ignite presentation covers Microsoft's strategy and investments in Windows Server, PowerShell, Active Directory, Identity Manager, and Azure Active Directory for addressing the risks of administrator access through stronger authentication, and managing access using Just in Time and Just Enough Administration (JEA).

只要不足的系統管理文章Just Enough Administration Article

本文件共用的願景和的只達到管理設計用來協助降低藉由限制只有存取,才能執行特定工作電信業者組織 PowerShell 工具組技術的詳細資訊。This document shares the vision and technical details of Just Enough Administration, a PowerShell toolkit designed to help organizations reduce risk by restricting operators to the only access required to perform specific tasks.

只要達到管理示範影片Just Enough Administration demo video

只要達到管理示範逐步Just Enough Administration demo walk through

Credential 保護Credential Protection

保護衍生的網域憑證的 Credential GuardProtect derived domain credentials with Credential Guard

Credential Guard,只系統有特殊權限的軟體可以存取他們隔離可使用模擬為基礎的安全性。Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. 會導致認證竊取攻擊,例如 Pass Hash 或 Pass 票證未經授權的存取這些密碼。Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard 會防止這些攻擊 NTLM 密碼 hashes 和授與門票票證 Kerberos 保護。Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.

保護遠端桌面憑證的遠端 Credential GuardProtect Remote Desktop credentials with Remote Credential Guard

遠端 Credential Guard 可協助您重新導向 Kerberos 要求的裝置要求連接到遠端桌面連接到保護您的認證。Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. 它也會在 [遠端桌面工作階段體驗提供單一登入。It also provides single sign on experiences for Remote Desktop sessions. |

Credential Guard 示範影片Credential Guard demo video

此 5 分鐘的影片示範 Credential Guard 及遠端 Credential GuardThis 5-minute video demos Credential Guard and Remote Credential Guard

強化作業系統和應用程式Hardening the OS and applications

裝置 Guard 部署指南Device Guard Deployment Guide

Device Guard 的企業相關的硬體組合,軟體安全性功能、 設定在一起,將會鎖定裝置只能執行您所定義您的程式碼完整性信任的應用程式。Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity.

裝置 Guard 示範影片Device Guard demo video

在 Windows Server 2016 上此 7 分鐘的影片呈現 Device Guard 和其使用方式This 7-minute video presents Device Guard and its usage on Windows Server 2016

控制流程 GuardControl Flow Guard

控制 Flow Guard 提供建防護一些類損壞的記憶體攻擊。Control Flow Guard provides built-in protection against some classes of memory corruption attacks.

Windows DefenderWindows Defender

Windows Defender 提供封鎖已知的惡意程式碼的作用中的偵測功能。Windows Defender provides active detection capabilities to block known malware. Windows Defender 會亮起來預設和最佳化 Windows Server 2016 中支援各種伺服器角色。Windows Defender is turned on by default and is optimized to support the various server roles in Windows Server 2016.

偵測及回應威脅Detecting and Responding to Threats

使用 Microsoft 作業管理組件安全性威脅分析Security Threat Analysis Using Microsoft Operations Management Suite

此 Ignite 簡報將告訴您如何使用來執行安全性威脅分析操作見解。This Ignite presentation discusses how you can use Operational Insights to perform security threat analysis.

Microsoft 作業管理組件 (OMS)Microsoft Operations Management Suite (OMS)

Microsoft 作業管理組件 (OMS) 安全性稽核方案處理程序安全性登及先防火牆事件及雲端環境分析及偵測到惡意的行為。The Microsoft Operations Management Suite (OMS) Security and Audit solution processes security logs and firewall events from on-premises and cloud environments to analyze and detect malicious behavior.

OMS 和 Windows ServerOMS and Windows Server

這 3 分鐘的影片顯示 OMS 如何協助偵測已封鎖的 Windows Server 潛在惡意行為。This 3-minute video shows how OMS can help detect potential malicious behavior that is blocked by Windows Server.

Microsoft 進階威脅 AnalyticsMicrosoft Advanced Threat Analytics

這篇部落格文章討論 Microsoft 進階威脅分析,先 product 會使用 Active Directory 網路流量和 SIEM 資料,探索並警示上可能的威脅。This blog post discusses Microsoft Advanced Threat Analytics, an on-premises product that uses Active Directory network traffic and SIEM data to discover and alert on potential threats.

Microsoft 進階威脅 AnalyticsMicrosoft Advanced Threat Analytics

這 3 分鐘段影片介紹 Microsoft 如何在 Windows Server 中新增威脅 analytics 功能。This 3-minute video presents an overview of how Microsoft is adding threat analytics capabilities in Windows Server. |

網路安全性Network Security

Datacenter 防火牆概觀Datacenter Firewall Overview

此概觀討論 Datacenter 防火牆網路層級 5-有序元組通訊協定,來源和目的地的連接埠號碼 ([來源和目的地的 IP 位址)、 狀態、 multitenant 防火牆。This overview discusses Datacenter Firewall, a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall.

在 Windows Server DNS 中的新功能What's New in DNS in Windows Server

此概觀主題提供 DNS,以及更多的資訊連結的新功能的簡短描述。This overview topic provides brief descriptions of new capabilities in DNS, along with links for more information.

對應 compliance 規範安全性功能Mapping security features to compliance regulations

相容性是重要的安全性功能。Compliance is an important aspect of security features. 我們如何達成您的相容性,以及哪些 compliance 看起來像您信任的相容性 advisers,以保持專家建議,但是我們也想要提供您無法使用時,正在評估 Windows Server 的初始對應。We leave the expert advice on how to achieve your compliance and what compliance looks like to your trusted compliance advisers, but we also want to provide initial mapping for you to be able to use when evaluating Windows Server.