課程名稱:Microsoft Certified Windows Server Hybrid Administrator Associate (2科 Windows Server 2025) 國際認可證書課程 (Fast Track) - 簡稱:Windows Server 2025 Training Course (Fast Track) (提供 7x24 實習器材) |
AZ-800 Administering Windows Server Hybrid Core Infrastructure (42 hrs)
1. Configuring DHCP Server Role
1.1 DHCP Client and Server interaction
1.2 Installing DHCP Server Role
1.3 DHCP Scope
1.4 DHCP Address Exclusion Range
1.5 DHCP Reservation
1.6 Conflict Address Detection
1.7 DHCP Policy Based Assignment (PBA) with User Classes
1.7.1 To create a User Class
1.7.2 To use a User Class
1.8 DHCP Server Network Binding
2. Configuring a Windows Server Router
2.1 Two Router Forms
2.1.1 Hardware Routers
2.1.2 Software Routers
2.2 Routing in Windows Server
2.2.1 To set the default gateway or DC1 and KV1
2.2.2 Enable Routing Service on WS1
2.3 DHCP Relay (接力) Agent (代理人)
2.3.1 Configure a new scope for the network 20.0.0.0 in the DHCP server in DC1
2.3.2 Configure WS1 as a DHCP Relay Agent
2.4 New Client-Side features
2.4.1 New DHCP Client-side features in the Windows 10 April 2018 Update
2.4.2 New DHCP Client-side features in the Windows 10 May 2020 Update
3. Roaming VPN to On-Premises Network
3.1 Configuring VPN
3.2 Deploying VPN Connections using CMAK
3.3 PPTP and L2TP
4. Basic Concept of Storage Virtualization
4.1 Concepts of Storage Pool, Virtual Disk, and Storage Virtualization in Windows Server
4.1.1 Storage Pool
4.1.2 Virtual Disk
4.1.3 Volume
4.2 Configuring a Storage Pool
4.3 Configuring a Virtual Disk
4.3.1 Creating a Simple Virtual Disk
4.3.2 Creating a Mirrored Virtual Disk
4.3.3 Creating a Parity Virtual Disk
4.4 Redundancy of Virtual Disks
4.5 Maintaining Storage Pool
4.6 Repairing a Storage Pool automatically using Hot Spare disks
5. Advanced Concepts of Storage Virtualization
5.1 Introduction to Tiered Storage Pool
5.2 Configuring a Tiered Storage Pool
5.3 Pinning files to specific storage tier
5.4 Storage Tiers Optimization Task
5.5 Dual Parity Non-Tiered Virtual Disks
6. Basic Concepts of Internet SCSI
6.1 Introduction to SCSI and Internet SCSI
6.2 Configuring iSCSI Portal
6.3 Configuring iSCSI Targets
6.4 Configuring iSCSI Initiator
7. NTFS Permissions
7.1 Standard NTFS Permissions on Folders and Files
7.2 Taking Ownership (擁有權) of Folders and Files
7.3 Giving Users the Ability to Take Ownership
7.4 To Take (取得) Ownership
7.5 More About Taking Ownership
8. Share Permissions
8.1 Configuring Share Permissions
8.2 Access-Based Enumeration (ABE)
8.3 Combining Share Permissions and NTFS Permissions
8.4 Access-Denied Assistance
9. File Server Resource Manager
9.1 Introduction to FSRM
9.2 File Server Resource Manager in Quota Management
9.2.1 Quota Templates and standard Quota
9.2.2 Storage Reports Management
9.2.3 Auto Apply Quotas
9.3 File Screening
9.3.1 Create Screening Template
9.3.2 Create File Screens
9.4 File Management Tasks
9.4.1 Creating a File Expiration Task
10. Storage in Azure Cloud
10.1 Creating a Free Azure account
10.1.1 Services included in Azure Free account
10.1.2 Setting up a Free Account
10.2 Storage Account Endpoints
10.2.1 About Require Secure Transfer
10.3 Creating a GPv2 Storage Account
10.4 Introduction to Azure Files
10.5 Data Access Method of Azure Files
10.6 Creating Azure File Share
10.7 Mounting Azure Files
10.8 Azure File Sync
10.8.1 Terminology
10.8.2 Preparing Windows Server
10.8.3 Installing the Azure File Sync Agent
10.8.4 Installing “Az” PowerShell Module
10.8.5 Deploying the Azure File Sync Service
10.8.6 Server Registration
10.8.7 Create a sync group and a cloud endpoint
10.8.8 Creating Server Endpoint
10.9 Cloud Tiering
10.9.1 How Cloud Tiering works
10.9.2 Cloud Tiering Policy
10.9.3 Configuring Cloud Tiering
10.9.4 Forcing Recall of a File or Directory
10.9.5 Unregistering server and removing the Sync Group
11. Windows Server Role
11.1 Domain Controller (DC, 網域控制器)
11.2 Member Server (成員伺服器)
11.3 The Kerberos Authentication Protocol
11.3.1 Understanding Kerberos concepts
11.3.2 Default Kerberos Policy
12. Creating and Managing User Accounts
12.1 To Create Domain User Accounts
12.2 Deleting and Renaming User Accounts
13. Concept of Groups (群組)
13.1 Global Groups (全域群組)
13.2 Local Groups (本機群組)
13.3 General Usage (普遍用法) of a Global Group and a Local Group
13.3.1 Team-up (組合) domain user accounts by a Global Group (請於家中進行)
13.3.2 Assign (指定) permissions to a Local Group (請於家中進行)
13.3.3 Add (加入) the Global Group as a member of Local Group
13.4 Some Built-in (內置) Global Groups
13.5 Some Built-in (內置) Local Groups
13.6 Domain Local Groups (網域本機群組)
13.6.1 General Usage (普遍用法) of a Global Group and a Domain Local Group
13.6.2 Some Built-in (內置) Domain Local Groups
13.6.3 Built-in System Groups
13.7 Local User Accounts
13.8 Domain User Accounts
13.9 Built-in (內置) Local User Accounts
13.10 Some Built-in Domain User Accounts
14. Concept of Active Directory
14.1 Logical Structure (企業組織架構)
14.1.1 Domains
14.1.2 Trees (樹)
14.1.3 Forests (森林)
14.1.4 Organizational Unit (OU, 組織單位)
14.2 Physical Structure (企業地理結構)
15. Concepts of Windows Policy (原則)
15.1 Local Computer Policy
15.1.1 Add the Snap-in (加插工具) “Local Computer Policy” to the MMC (請於家中進行)
15.1.2 Edit a Local Computer Policy Setting (請於家中進行)
15.2 Site, Domain or OU Policy
15.3 Priority of Windows Policies:
15.4 Important Facts and Rules of Group Policy
15.5 Refresh Interval for Group Policy
15.6 Group Policy Security Filter
15.7 Group Policy Administrative Templates
15.8 ADMX Central Store
15.8.1 To create the central store:-
15.8.2 Adding Custom ADMX Templates
15.8.3 Benefits of storing ADMX files in Central Store (SYSVOL)
15.9 Group Policy Startup Script
15.10 Group Policy Slow-link detection
16. Domain Functional Level (DFL)
16.1 Understanding AD DS Domain Function Levels
16.2 Supported Domain Functional Level and Features by Windows Server
16.3 Group Types of Active Directory
16.3.1 Security Group
16.3.2 Distribution Group
16.4 Scopes (範圍) of Security Group
16.4.1 Domain Local Group
16.4.2 Global Group
16.4.3 Universal Group (通用群組)
16.5 Common Usage (普遍用法) of Global Group, Universal Group and Local Group
16.6 Creation of a Group
16.7 Raise Domain Functional Level
16.8 Rollback Options of Domain Functional Level (Optional Knowledge)
16.9 Using Fine-Grained Password and Lockout Policy
16.10 Preparation
16.11 Creating Password Setting Objects by using ADSI Editor and ADAC
16.12 Apply PSOs to Users or Global Groups
16.12.1 Viewing Resultant PSO
16.12.2 The logic behind precedence: calculating RSOP
16.12.3 Scenario I: Using PSO after Upgrading to Windows Server 2016
16.12.4 Scenario II: Migrating to Windows Server with PSO support
17. Forest Functional Level
17.1 Forest Functional Levels available in Windows Server
17.2 Guidelines for raising Forest Functional Level
18. Active Directory Recycle Bin
18.1 About deleted Active Directory Objects
18.2 Overview of Restoring Active Directory objects by Recycle Bin
18.3 Enabling the Active Directory Recycle Bin
18.4 LDAP Names
18.5 Restoring Active Directory Objects
18.6 More about restoring multiple Active Directory Objects
19. Additional Domain Controllers
19.1 Installing Additional Domain Controllers by Network
19.2 Domain Controller LDAP Names
19.3 Effects on Active Directory with additional domain controllers
19.3.1 Computer account of DC2
19.3.2 Site location of DC2
19.3.3 Service Resource Records updated
20. DHCP High Availability
20.1 Multiple DHCP Servers on the Same Network
20.1.1 To Install and Authorize DHCP Server on DC2
20.1.2 Using the Split Scope Wizard
20.2 DHCP Failover
20.3 About DHCP Load Sharing mode
21. Global Catalog and FSMO Roles
21.1 Introduction to Global Catalog and FSMO Roles
21.2 Global Catalog (通用類別目錄)
21.3 Compacting Active Directory Database
21.4 Schema Master – Per Forest
21.4.1 To display current Schema Master Role
21.4.2 To safely transfer the Schema Master Role to DC2
21.4.3 To Seize (強奪) transfer the Schema Master Role on DC1
21.4.4 To extend Active Directory Schema
21.4.5 To disable an Active Directory Schema
21.5 Domain Naming Master – Per forest
21.5.1 To display current Domain Naming Master of your forest
21.5.2 To safely transfer Domain Naming Master role to DC2 (無須進行,理解便可)
21.5.3 To seize Domain Naming Master role at DC1 (無須進行,理解便可)
21.6 PDC Emulator– Per Domain
21.6.1 Configuring Windows Time Service on PDC Emulator
21.7 Relative ID Master – Per Domain
21.7.1 To display current RID Master of your forest
21.8 Infrastructure Master – Per Domain
21.9 Active Directory Replication Status Tool
22. Microsoft Entra ID
22.1 Entra ID Administrator Roles
22.1.1 Global Administrator role
22.1.2 User Administrator role
22.1.3 Billing Administrator role
22.2 Users and Licenses of Microsoft Entra ID
22.3 Terminology of Microsoft Entra ID
22.4 Microsoft Entra ID Custom Domain names
22.5 Creating Entra ID User account
22.6 Managing User Profile Information
22.7 Resetting Microsoft Entra ID User Password
22.8 Configure Access with Microsoft Entra ID Groups
22.9 Dynamic Group
22.10 Differences between Azure RBAC roles and Entra ID administrator roles
22.11 Set up directory synchronization
22.11.1 Principal of Password Hash Synchronization
22.12 Monitoring AD Connect Synchronization Health
22.12.1 Entra ID Connect Sync Insight
22.12.2 Sync Latency
22.12.3 Sync Object Changes
22.12.4 To Disable Entra Connect Sync
23. Windows Admin Center
23.1 Overview of Windows Admin Center
23.2 Deploying Windows Admin Center
23.3 Configuring Windows Admin Center
23.4 Enabling Windows Admin Center Single-Sign On (SSO)
23.5 Deploying Extensions to Windows Admin Center
24. NIC Teaming
24.1 Introduction to NIC Teaming
24.2 Configuring NIC Teaming
24.3 Configuring LACP
25. Windows Containers
25.1 Introduction to Windows Containers
25.2 Fundamental Concepts of Windows Containers
25.2.1 The Microsoft container ecosystem
25.2.2 Container Host
25.2.3 Container Image
25.2.4 Sandbox
25.2.5 Container OS Image:
25.2.6 Container Repository
25.3 Windows Container Types
25.3.1 Windows Server Containers
25.3.2 Hyper-V Container
25.4 Introduction to Docker
25.5 Containers for Developers
25.6 Containers for IT Professionals
25.7 Configuring Windows Container Host
25.8 Deploying a container
25.8.1 More about Windows container version compatibility
25.9 Building Container Images
25.9.1 Manually creating container image
25.10 Hyper-V Containers
25.11 A Special Reminder on Hyper-V Container Host
25.12 More about Hyper-V isolation
25.13 Container Networking Concepts
26. Azure Container Instances (ACI)
26.1 Introduction to ACI
26.2 Creating Azure Container Instance
26.3 Viewing Container Logs
26.4 Quota and Limits of Azure Container Instances
27. Azure Container Registry (ACR)
27.1 Introduction to Azure Container Registry, Repository and Images
27.1.1 About Container Registry
27.1.2 About Repository
27.1.3 About Container Image
27.2 Use cases and Key features of Azure Container Registry
27.3 Creating a Private Container Registry
27.4 Pull, Build, Push, Run a container image using Azure Container Registry Tasks
27.5 Azure Container Registry Roles and Permissions
28. High Availability Features
28.1 Failover Clusters
28.1.1 Quorum Configuration in Windows Server
28.1.2 Two-node file server cluster
28.1.3 Configure Possible Owners
28.1.4 Failback
28.2 Scale-Out File Server for Application Data
28.2.1 Introduction to Scale-Out File Server
28.2.2 Deploying a Scale-Out File Server
28.3 Configuring Hyper-V to use Scale-Out File Server (Optional Knowledge)
28.4 The SMB Witness protocol (Optional knowledge)
28.5 Managing a Failover Cluster with Windows Admin Center
29. Configuring ADDS Forest
29.1 Additional Domains in existing Forest
29.2 Configuring a new domain tree to join existing forest
29.2.1 Creating new Domain Tree to join existing Forest on DCA
29.2.2 Check the Trust relationship
29.3 Conditional DNS Forwarding
29.3.1 Enable Conditional forwarding of xyz.com in systematic.com’s DNS Server
29.3.2 Enable Conditional forwarding of systematic.com in xyz.com’s DNS Server
29.4 Enabling Global Catalog (GC) for xyz.com
29.4.1 Enabling GC on dca.xyz.com
29.4.2 Adding DNS Service Location (SRV) Record for Global Catalog Server
29.5 An Example of Domain-Wide authentication and Resource assessment
29.6 Assigning Permissions in a multi-domain environment
29.7 Active Directory Migration Tool
29.7.1 Installing ADMT and SQL Server Express
29.7.2 Migrating Domain User Account
29.7.3 More about ADMS and IMS
29.8 Deploying Child Domain
29.8.1 Creating DNS Delegation for domain “money.xyz.com”
29.8.2 Deploying domain controller for a child domain
30. Managing ADDS Trusts
30.1 Types of Trust within a Forest (Intra-Forest)
30.2 Types of Inter-Forest Trust (Inter-Forest)
30.3 Creating Forest Trust
30.3.1 Background
30.3.2 Creating a Two-Way Transitive Forest Trust
30.4 Updating UPN Suffixes for Forest Trust
30.5 Selective Authentication
30.5.1 事前驗證
30.5.2 Deploying Selective Authentication
30.5.3 Granting “Allowed-to-Authenticate” permission to larry@msn.com on KV1
31. On-Premise and Internet DNS
31.1 The Domain Name Space
31.2 Types of Windows DNS Zones
31.3 Active Directory Integrated Zone
31.3.1 Zone data storage of Active Directory Integrated Zone
31.3.2 Zone Replication Scope
31.3.3 Using Application Directory Partition
31.4 Standard Primary Zone
31.5 Standard Secondary Zone
31.6 Three Methods to Implement a DNS Zone
31.6.1 To Install One More DNS Server on WS2 and managed by DC1
31.6.2 To Create systematic.com Standard Secondary Zone for WS2 DNS Server
31.6.3 Configure DC1 to allow zone transfer to WS2 DNS Server
31.7 Forward Lookup Zone and Host (A) Records
31.8 Reverse Lookup Zone and Pointer (PTR) Records
31.8.1 To Create a Reverse Lookup Zone
31.8.2 To Create a Pointer (PTR) Record
31.9 Forward Lookup Zone and Mail Exchanger (MX) Records
31.10 Name Server (NS) Record and the Name Servers Tab
31.11 More about Zone Transfer from Primary to Standard Secondary
31.12 DNS Sub-domains
31.12.1 Creating a DNS Sub-domain By Using “New Domain”
31.12.2 Creating a DNS Sub-domain By Using “New Delegation”
31.12.3 Creating a DNS Sub-domain By Using “Stub Zone”
31.13 Background zone loading
31.14 Global Names Zone
31.14.1 To create a Global Names Zone (GNZ)
31.14.2 Deploying GlobalNames zone for Multiple forest
31.15 Three Tiers (三重) of Caching (緩衝)
31.15.1 1st Tier – Client Side Caching
31.15.2 2nd Tier – Queries through an Cache (中途的) DNS server
31.15.3 3nd Tier – Memory Caching on Authoritative Primary or Secondary Servers
31.16 Forwarders
31.16.1 Server-level Forwarder
31.16.2 Conditional Forwarder
31.16.3 Configuring Conditional Forwarders
31.16.4 Storing Conditional Forwarder in Active Directory
31.17 Root Zone, Root Hints
31.17.1 Creating Root Zone
31.17.2 Deleting Root Zone
AZ-801 Configuring Windows Server Hybrid Advanced Services (24 hrs)
1. Advanced DNS Server configuration
1.1 More about Zone Transfer: AXFR and IXFR
1.2 BIND Secondaries
1.3 DNS Debug Logging
1.4 Removing out-dated DNS records
1.5 Securing DNS resource records
1.6 Dynamic Update
1.7 Restricting DNS Server interface binding
2. DNS Client side configuration
2.1 Configuring DNS client by NRPT policy
3. DNS Security Extensions
3.1 Overview of DNSSEC
3.2 Threats of DNS Protocol
3.3 Principal of DNS Security Extension
3.3.1 Digital Signatures
3.3.2 Zone Signing
3.3.3 Authenticated Denial of Existence
3.3.4 Trust Anchors
3.3.5 DNSSEC key management
3.3.6 DNSSEC-aware DNS Clients
3.3.7 NRPT Policy for DNSSEC Validation
3.4 A DNSSEC Test Lab scenario
3.4.1 Create the zone “fabrikam.com”
3.4.2 Configure the cache DNS server WS2
3.4.3 Reconfigure DNS Client to use Cache DNS Server
3.5 Configuring and testing DNSSEC
3.5.1 Query unsigned zones without DNSSEC validation requirement
3.5.2 Signing a zone by DNSSEC
3.5.3 To distribute Trust Anchor Manually
3.5.4 Querying a Signed-Zone without Validation requirement
3.5.5 Configuring DNS Client to perform DNSSEC validation
3.5.6 Querying a Signed-zone with Validation required
3.5.7 Situation when Validation Failed
3.5.8 Situation when the attacker uses a Fake signature
3.6 More about using DNSSEC for Public Internet Domains
4. Windows Server Compute and Virtualization services
4.1 Microsoft Hyper-V Server and Windows Server Hyper-V role
4.2 Hyper-V General Requirements
4.2.1 CPU and BIOS/UEFI Firmware
4.2.2 More about Logical Processor and Virtual Processor
4.2.3 Memory
4.2.4 Network/NIC Requirements
4.2.5 Storage
4.2.6 Standalone Hyper-V with local disks
4.2.7 Hyperconverged and Storage Spaces Direct
4.2.8 Disaggregated Storage Spaces Direct
4.2.9 Mixed architecture support
4.3 Installing Hyper-V Role Service on Windows Server 2025
4.4 Creating a Virtual Machine and Installing a Guest OS
4.5 Installing and Configuring Windows Hyper-V Server (無需進行,理解便可)
4.6 Configuring Hyper-V Server to accept Remote Management
4.7 Managing Hyper-V Server from a remote location
5. Configure Hyper-V Settings and Virtual Networks
5.1 Configuring VHD Storage location
5.2 Upgrading Virtual Machine Configuration Version
5.3 Checkpoint (Snapshot) Location
5.3.1 Standard Checkpoint
5.3.2 Production Checkpoint
5.4 Hot add and Hot removal of Virtual hardware
5.5 Nested Virtualization
5.6 Host Resource Protection
5.7 Windows PowerShell Direct
5.8 Managing Multiple Virtual Machines
5.8.1 Creating VM collections (無須進行,理解便可)
5.8.2 Creating Management Collections
5.9 Configuring the Virtual Network
5.9.1 Virtual Switch Manager
5.9.2 Virtual Network Connection Type
5.9.3 External virtual networks
5.10 Guest Network Load Balancing
5.10.1 Installing Network Interface Driver on Microsoft Hyper-V Server (無需進行,理解便可)
5.10.2 Connecting a the Hyper-V Host to a VLAN
5.10.3 Connecting a the Hyper-V Child Partition to a VLAN
5.11 Single Root I/O Virtualization
6. Shared Nothing Live Migration
6.1 Concepts of Live Migration
6.2 Configuring Live Migration in a Shared Nothing/Non-Clustered environment
6.3 Performing Live Migration of virtual machine in a Shared Nothing environment
6.4 More about Processor Compatibility Mode
7. Hyper-V Replica Server
7.1 Introduction to Hyper-V Replica
7.2 Configuring Hyper-V Replica
7.3 Testing Failover
7.4 Performing a Planned Failover
7.5 Performing a Un-planned Failover
8. Generation 2 Virtual Machines
8.1 Generation 2 Virtual Machine in Hyper-V
8.1.1 To create a Generation 2 virtual machine:
8.2 Enhanced Session Mode
8.2.1 Overview of Enhanced Session Mode
8.2.2 Practical application of Enhanced Session Mode
8.2.3 To enable Enhanced Session Mode
8.3 Virtual Disk Online Resizing
8.4 Resource Metering (計量)
8.4.1 Overview of Hyper-V Resource Metering
8.4.2 Enabling and Using Resource Metering
8.4.3 Using Virtual Network Adapter ACL
8.5 Hyper-V Port Mirroring
8.6 Using ReFS with Hyper-V
9. Hyper-V Failover Clustering
9.1 Deploying a Hyper-V Failover Cluster
9.2 Cluster Shared Volume
9.3 Cluster Shared Volumes (CSV) Cache
9.4 Deploying a Highly Available Virtual Machine in Hyper-V Cluster
9.5 Testing a Planned Failover by Live Migration
9.6 Virtual Machine Drain on Shutdown
9.7 Live Migration Settings and RDMA
9.7.1 Live Migration Settings
9.7.2 RDMA (Remote Direct Memory Access)
9.8 Virtual Machine Network Health Protection
9.9 Virtual Machine Monitoring
9.10 Hyper-V Replica Broker
9.11 Hyper-V Virtual Machine Load Balancing
9.12 Configuring RDMA Adapter and Converged Ethernet
9.12.1 Data Center Bridging for RDMA
9.12.2 Creating a Hyper-V Virtual Switch with an RDMA Capable adapter
9.13 Hyper-V Switch Embedded Teaming (SET)
9.13.1 Introduction to Hyper-V Server Switch Embedded Teaming
9.13.2 Creating a SET Team in Hyper-V
9.13.3 SET Modes and Balancing Algorithms
10. Creating and Managing Azure Virtual Machines
10.1 Benefits and Challenges using N-Tier Architecture
10.2 N-Tier architecture with Azure Compute Virtual Machines
10.2.1 To Implement N-Tier Virtual Machine based Architecture
10.3 Enabling Auto-shutdown for VM
10.4 Configuring and Managing additional data disk for Azure Virtual Machines
10.5 Configure Azure Disk Encryption
10.5.1 Azure Disk Encryption Workflow
10.5.2 Azure Disk Decryption Workflow
10.5.3 Azure Disk Encryption Prerequisites
10.5.4 Supported VM Sizes
10.5.5 Virtual Networking
10.5.6 Key Vault Access Policy
10.5.7 Enable encryption on existing or running IaaS Windows VMs
10.6 Resizing Virtual Machines
10.6.1 To Resize a virtual machine which is available in the current cluster
10.6.2 Resizing a Virtual Machine to support Ultra Disk
10.7 Hot Patching
10.7.1 How hotpatching works
10.7.2 Deploy a new Azure VM with hotpatch for Windows Server enabled
10.8 SMB over QUIC
10.8.1 SMB protocol
10.8.2 QUIC protocol
10.8.3 Deploy SMB over QUIC
10.9 SMB over QUIC with Automanage
11. Cross Premises and Hybrid Connectivity
11.1 Introduction to VNet Peering
11.2 Configuring Global VNet Peering
11.2.1 Benefits of VNet Peering
11.2.2 Gateways and on-premises connectivity
11.2.3 Lab of Configuring Global VNet Peering
11.3 Options for connecting additional virtual networks
11.4 Point-to-Site VPN and Certification based authentication
11.4.1 About VPN P2S Authentication process
11.4.2 Generating a Client Authentication certificate
11.4.3 Exporting the Root Certificate in BASE64 public key .cer format
11.4.4 Configuring VPN Client Address Pool and Tunnel Type
11.4.5 Uploading trusted Root Certificate
11.4.6 Generate VPN Client packages
11.5 Configuring Azure Site to Site (S2S) VPN
11.5.1 Configuring Site-to-Site Connections in Azure VPN Gateway
11.5.2 Configuring On-Premises VPN device
11.5.3 Verifying Connectivity
11.6 Azure Virtual Network Adapter
11.6.1 Register a WAC Gateway with Azure Cloud
11.6.2 Add an Azure Network Adapter to a server
11.7 Microsoft Defender for Cloud
11.7.1 Set up Microsoft Defender for Cloud
11.7.2 Onboarding your machines to threat and vulnerability management
11.7.3 Connect your non-Azure machines to Microsoft Defender for Cloud (無須進行,理解便可)
11.7.4 Connect your non-Azure machines to Microsoft Defender for Cloud with Defender for Endpoint
12. Microsoft Defender for Identity
12.1 Introduction to MDI/Azure ATP
12.1.1 Monitor and analyze user behavior and activities
12.1.2 Protect user identities and reduce the attack surface
12.1.3 Identify suspicious activities and advanced attacks across the cyber-attack kill-chain
12.2 Microsoft Defender for Identity architecture
12.2.1 Defender for Identity components
12.2.2 Defender for Identity portal
12.2.3 Defender for Identity sensor
12.2.4 Requirements
12.3 Creating a Defender for Identity Instance
12.4 Connect to your On-Premises AD Forest
12.5 Downloading and Installing the Sensor setup package
12.6 Configure Data Steering in MDI Sensor
12.7 About Microsoft Advanced Threat Analytics (ATA)
12.8 Security Posture Assessments with Microsoft Defender for Identity
13. Data Deduplication
13.1 Introduction to Data Deduplication in Windows Server
13.2 Installing and Configuring Data Deduplication
13.3 Data Deduplication enhancements in Window Server
13.3.1 Support for large volumes
13.3.2 Shortened Deduplication process
13.3.3 Support for large files
13.4 Additional Interoperability considerations of using Data Deduplication
13.4.1 DFS Replication
13.4.2 FSRM Quotas
14. On-Premises Performance Monitoring
14.1 Reliability Analysis Component (RAC)
14.2 Data Collector Set
14.3 Performance Counter Alert
14.4 Event Trace Sessions
15. Azure Recovery Services Vault
15.1 Introduction to Recovery Services Vault
15.2 Creating a Recovery Services Vault
15.3 Back up Windows to Azure
15.4 Configuring the Vault for backing up On-Premises Windows
15.4.1 Installing Agent and Registering On-Premises Server
15.4.2 Create the backup policy
15.4.3 Restoring files from Azure Recovery Services Vault
15.5 Back up an Azure Virtual Machine
15.5.1 Preparation to backup Azure Virtual Machine
15.5.2 Back up the Azure VM using Azure Backup service
15.6 Upgrading Azure VM Backup stack V2 (Optional knowledge)
15.7 More about Site-to-Site recovery by using Azure Site Recovery
15.7.1 Introduction to Azure Site Recovery services
15.7.2 Migrating On-premises Hyper-V Virtual Machine to Azure
16. Azure Migrate Appliance
16.1 Introduction to Azure Migrate
16.2 Creating a Migration Project
16.3 Deploying Azure Migrate appliance with VHD template for Hyper-V
16.3.1 Generate the project key
16.3.2 Download the VHD template
16.3.3 Creating the appliance
16.3.4 Configuring the Azure Migrate virtual appliance
16.3.5 Set up prerequisites and register the appliance
16.3.6 Starting Continuous Discovery of Hyper-V infrastructure
16.4 Assess Hyper-V VMs for migration to Azure
16.5 Migrate Hyper-V VMs to Azure
16.6 Running a Test Migration
16.7 Migrating to Azure Virtual Machines
16.8 Completing the migration
16.9 Post-migration best practices
17. Protecting and Securing Windows Credentials
17.1 Attacks to Windows Credential Store
17.2 Requirements of Credential Guard
17.3 Configuring Credential Guard
17.4 Preventing NTLM authentication protocol
18. Just Enough Administration (JEA)
18.1 Overview of Just Enough Administration
18.1.1 JEA Objectives
18.1.2 JEA reduces risk by limiting administrator exposure
18.1.3 JEA Working Principal
18.1.4 Benefits of JEA
18.1.5 JEA Deployment Prerequisites
18.2 Creating a JEA Role Capability File
18.3 Convert Role Capability File as PowerShell Module
18.4 Creating a JEA Session Configuration File
18.5 Creating a JEA Endpoint
18.6 Connecting to JEA Endpoint
19. Azure ARC
19.1 Introduction to Hybrid Infrastructure Management with Azure ARC
19.2 Azure ARC Enabled Servers
19.3 Onboarding Azure ARC Enabled Servers
19.3.1 Generate installation script
19.3.2 Install the agent using the script
19.4 Onboarding ARC Enabled Servers at Scale
19.5 Onboarding ARC Enabled Servers to Microsoft Sentinel
19.6 Detect threats using Microsoft Sentinel
19.7 More about Automated Response to Threats
20. Internet Protocol Security (IPSec)
20.1 Introduction to IPSec
20.2 Deploying IPSec
20.2.1 事前驗證
20.3 IPsec Configuration in Windows Server
20.3.1 Connection Security Rules
20.3.2 Authentication Requirement
20.3.3 Creating Connection Security Rule
|