Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



Thank you #Community and #Microsoft for this Awesome Year 2022! Happy Holidays

What a Year 2022!!

I would like to thank you, Community, for Supporting, Sharing and Reading about New Microsoft technologies on my Blog, Twitter, Facebook and LinkedIn Community Groups 💗 I wish you all Happy Holidays, a Merry Christmas and a Healthy New Year 2023. May your Best Wishes come true! 🎄🥂

I’m very proud of and Honored by the Microsoft Global MVP Awards 2022-2023!

  • MVP Award for Cloud and Datacenter Management
  • MVP Award for Windows Insiders
  • MVP Award for Azure Hybrid

Thank you Microsoft Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features and solutions you are building 🙂
I wish you all Happy Holidays, a Merry Christmas and a Healthy New Year 2023. May your Best Wishes come true! 🎄🥂

Here are some Great links for Reading and Sharing :

JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:

Windows Admin Center Community Group

Containers in the Cloud Community Group

Microsoft Azure Monitor & Security for Hybrid IT Community Group

Azure Hybrid Community Group

Azure DevOps Community Group

What I really love is the Microsoft Tech Community platform


For Microsoft Azure Hybrid:

Azure Arc Jumpstart site

Azure Hybrid and Multi Cloud documentation

Microsoft Azure Arc Community monthly Meetup (GitHub)

Follow on Twitter for Azure Hybrid:

——————————————————————————————————————————————————-
For Windows Insiders:

Microsoft Windows Insiders Blog

Windows Insider Team on YouTube

The Windows Insider Program Team is really active on Twitter:
@WindowsInsider

@JenMsft

@NorthFaceHiker

@brandonleblanc

@amanda_lango


Get started with the Windows Server Insider program

What’s New in Windows Server 2022

Overview of Windows Admin Center

What’s New in SQL Server 2022




#Microsoft Windows Server and SMB Protocol #Winserv #WindowsServer2022

Server Message Block (SMB)

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Here you can see the versions of MS-CIFS and download free white papers.

Today SMBv1 is not a safe protocol and will be used by hackers for man-in-the-middle attacks to compromise your data and systems. SMBv1 is a weak protocol and should not be used in your environment. There are still a lot of Windows Server 2012 R2 machines in the world running in datacenters with SMBv1 enabled by default. To make your Windows Server more secure, you can disable the SMBv1 protocol via a Group Policy Object (GPO).

In the following steps we will disable SMBv1 on Windows Servers via GPO.

Open Group Policy Management in your Domain.

Click on Group Policy Object with your right mouse button.
Click on New.

Give your policy a Name.

I also made a temporary Exception policy.

Right click on your new Policy Object.
Click on Edit.

Go to Computer Configuration => Preferences => Windows Settings
Click on Registry.

Click on New and then on Registry Item.

Here you have to add the following Registry Properties:

Set these settings.

Set Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Click on Apply for these Registry settings.

The SMBv1 Disable setting is now set in the Policy Object.

This is the path where we push the policy via GPO.

Here we Link the Existing GPO to the OU with the Windows Server 2012 R2 machines to disable the SMBv1 Protocol.

Select your new Policy to disable SMBv1 Protocol.

We have now Linked the new GPO to Disable SMBv1.

Run GPUpdate /force on your Server to get the new GPO active and disable SMBv1.

Policy Update completed successfully.

Run GPResult /r to see the results.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

or

Get-SmbServerConfiguration

As an administrator you can still enable SMBv1 on your Server with:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

When the Server gets a reboot, SMBv1 will be disabled by GPO again.

When you have a maintenance window, for updates for example, you can uninstall the SMBv1 Feature in Server Manager. This procedure needs a restart of the Windows Server.

Go to Server Manager to remove features.

Click on Remove Roles and Features.

Clear the check mark at the SMB 1.0/CIFS File Sharing Support Feature.

Click on Remove.

Click on Close and Reboot the Server.

Now the SMBv1 protocol on the Windows Server is disabled and the Server will use a higher version of SMB, like version 2.x or 3.x.
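To check the result of the steps above on a server, the following added example (not part of the original post) reports the registry setting, the running SMB server configuration, the feature install state and any recorded SMBv1 access in one object. The value name SMB1 (REG_DWORD 0 = disabled), the feature name FS-SMB1 and the SMBServer audit log with event ID 3000 come from Microsoft's SMBv1 documentation, not from this page; the function name Get-Smb1ServerState is hypothetical.

```powershell
# Added example: report the SMBv1 server state of the local machine.
# Run in an elevated PowerShell session on the Windows Server you want to check.
#
# Before enforcing the GPO (or before removing a temporary exception policy),
# SMBv1 access auditing can be turned on so that remaining SMBv1 clients show up:
#   Set-SmbServerConfiguration -AuditSmb1Access $true

function Get-Smb1ServerState {
    [CmdletBinding()]
    param(
        # How many days back to look for SMBv1 access audit events.
        [int]$AuditDays = 7
    )

    # 1. The registry path used in the GPO registry item on this page.
    #    Value name SMB1 is an assumption taken from Microsoft's documentation.
    $regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $regItem  = Get-ItemProperty -Path $regPath -Name 'SMB1' -ErrorAction SilentlyContinue
    $regValue = if ($null -eq $regItem) { 'not set' } else { $regItem.SMB1 }

    # 2. What the SMB server is configured with right now.
    $cfg = Get-SmbServerConfiguration

    # 3. Is the SMB 1.0/CIFS feature still installed? (Server SKUs only.)
    $featureState = 'unknown'
    if (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name 'FS-SMB1'
        if ($feature) { $featureState = [string]$feature.InstallState }
    }

    # 4. SMBv1 access attempts recorded while auditing was on (event ID 3000).
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$AuditDays)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $lastSeen = if ($events.Count -gt 0) { $events[0].TimeCreated } else { $null }

    # Verdict: feature gone > protocol disabled > protocol still enabled.
    $verdict = if ($featureState -in 'Available', 'Removed') {
        'SMBv1 feature removed'
    } elseif (-not $cfg.EnableSMB1Protocol) {
        'SMBv1 disabled (feature still installed)'
    } else {
        'SMBv1 ENABLED'
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RegistrySMB1       = $regValue
        EnableSMB1Protocol = $cfg.EnableSMB1Protocol
        AuditSmb1Access    = $cfg.AuditSmb1Access
        FeatureState       = $featureState
        Smb1AccessEvents   = $events.Count
        LastSmb1Access     = $lastSeen
        Verdict            = $verdict
    }
}

Get-Smb1ServerState | Format-List
```

A server that reports SMBv1 as disabled but still shows recent Smb1AccessEvents has clients that tried SMBv1 during the audit window and are worth tracing before the exception policy is retired.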

More Microsoft information can be found here on Docs.

SMB over QUIC on Windows Server 2022

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared with TCP:

  • All packets are always encrypted and handshake is authenticated with TLS 1.3
  • Parallel streams of reliable and unreliable application data
  • Exchanges application data in the first round trip (0-RTT)
  • Improved congestion control and loss recovery
  • Survives a change in the client’s IP address or port

SMB over QUIC offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel, is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn’t change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

Client Server Handshake and Data transfer differences.

Here you find a Great blogpost by Ned Pyle:

SMB over QUIC: Files Without the VPN

Conclusion

When you still have Windows Servers running with SMBv1 enabled by default, for security you should disable the SMBv1 protocol as soon as possible! Otherwise you make it easy for hackers to compromise your data with man-in-the-middle attacks. In Windows Server 2019 and higher, SMBv1 is disabled by default. Have a look at SMB over QUIC in your test environment and learn how secure it is and how it works for your security and data.



Windows Admin Center 21.10 Packet Monitoring Preview Extension #WAC #Winserv

Windows Admin Center Packet Monitoring

Packet monitoring allows you to diagnose your server by capturing and displaying network traffic through the networking stack in a log that is filtered, organized, and easy to follow and manipulate.​

Download Windows Admin Center Here

Filter the Captured packets by PacketMon.

Before you start the capture you can set the filter, which has great options, and see the differences between two IP addresses, for example.

Capture is running.

You can explore every packet in detail for troubleshooting.

You can save your Captures for later.

Conclusion

Packet Monitoring (preview) in Windows Admin Center 21.10 is a great tool for troubleshooting that gets you the bits and bytes in detail.



Windows Admin Center 21.10 Build 1.3.2111.01001 Secured-Core #Security #WindowsAdminCenter

Windows Admin Center Security

Secured-core – recommended for the most sensitive systems and industries like financial, healthcare, and government agencies. Builds on the previous layers and leverages advanced processor capabilities to provide protection from firmware attacks.

In Windows Admin Center Security you can Configure Secured-Core :

Secured-Core in Windows Admin Center 21.10

You can activate 6 Secured-Core features:

  • Hypervisor Enforced Code Integrity (HVCI)
  • Boot DMA Protection
  • System Guard
  • Secure Boot
  • Virtualization-based Security (VBS)
  • Trusted Platform Module 2.0 (TPM2.0)

You can now simply activate the Security Feature.
This needs a Reboot.

Hypervisor Enforced Code Integrity (HVCI) is enabled.
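To confirm from the command line, after the reboot, which of the six features listed above are actually in effect, here is an added example (not part of the original post). It reads the Win32_DeviceGuard and Win32_Tpm CIM classes and Confirm-SecureBootUEFI; the numeric codes follow Microsoft's documentation of Win32_DeviceGuard, and the function name Get-SecuredCoreState is hypothetical.

```powershell
# Added example: report the state of the six Secured-core features locally.
# Run in an elevated PowerShell session on the server, after the reboot.

function Get-SecuredCoreState {
    [CmdletBinding()]
    param()

    # Device Guard / VBS state as reported by Windows.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Secure Boot: the cmdlet throws on legacy BIOS systems, treat that as off.
    $secureBoot = $false
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the version.
    $tpm   = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                             -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    $tpm20 = $false
    if ($tpm -and $tpm.SpecVersion) {
        $tpm20 = (($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0')
    }

    $state = [ordered]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        'Virtualization-based Security (VBS)' = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesRunning: 2 = HVCI, 3 = System Guard Secure Launch
        'Hypervisor Enforced Code Integrity'  = ($dg.SecurityServicesRunning -contains 2)
        'System Guard'                        = ($dg.SecurityServicesRunning -contains 3)
        # AvailableSecurityProperties: 3 = DMA protection available on the platform
        'Boot DMA Protection'                 = ($dg.AvailableSecurityProperties -contains 3)
        'Secure Boot'                         = $secureBoot
        'Trusted Platform Module 2.0'         = $tpm20
    }

    # One row per feature, so gaps are easy to spot or export.
    foreach ($name in $state.Keys) {
        [pscustomobject]@{
            Feature = $name
            Active  = [bool]$state[$name]
        }
    }
}

Get-SecuredCoreState | Format-Table -AutoSize
```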

More information about Secured-Core Features

Windows Admin Center Community on LinkedIn



Security by Design with #Azure Security Center and Azure Defender #ASC #Security #SecOps

Azure Architecture

Security by Design is increasingly becoming the mainstream development approach to ensure security of software systems. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. In the following steps we will make a security baseline for Windows Servers with different tools.

1. Microsoft Security Compliance Toolkit

The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A lot of hacks are based on registry settings, so that’s why Windows Server Security Baseline is important.
You can download the Microsoft Security Compliance Toolkit here.

2. Windows Defender Firewall with Advanced Security

Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. So set only the firewall ports you need end to end.

Windows Security Setting Firewall & Network Protection
Select Advanced settings

Windows Defender Firewall Advanced settings
Only activate what you need!

3. Windows Defender Security Virus & Threat Protection

Schedule a Full Scan in the Night for Threats
and Set the Windows Security options.
Keep your Defender and Virus definition files up-to-date.

4. Windows Updates

When your Windows Server is ready for production, you have to keep it Up-to-Date with Windows Updates. It’s not only the Windows Security patches, but all the software that’s running on your Server. One software vulnerability is enough for a hacker to compromise your Server.

Windows Updates

Have a look at the Microsoft Update Catalog

A lot of Companies are using Microsoft WSUS Services or Microsoft Endpoint Configuration Manager to deploy security updates to Servers as part of software Life cycle Management, to keep them as secure as possible. These are not only Microsoft Security Updates but also updates from third party Software vendors, like Adobe, Google, etc.

5. Security Monitoring and Remediation

This Cycle is important for Security!

IT departments have multiple teams with different disciplines, so when the Windows Server is ready for the Administrator it goes to the Application Admin in a different IT Team. They will install the Application software, and maybe a third IT Team will set up some software connections with other Servers. Getting in control of those security steps is important, because when an IT Consultant of a third party vendor installs old legacy software you will have security holes again, and that makes your Server vulnerable. Here is where Azure Security Center and Azure Defender will support you in monitoring and remediation of security issues.

It doesn’t matter where your Windows Server is installed, in the Azure Cloud or On-premises in your datacenter, it can connect securely via the internet for monitoring the Server. When it’s on-premises you can install the Microsoft Arc agent.

Microsoft Azure Arc Connected Machine Agent.

Azure Arc enabled Server from On-premises

When the Microsoft Azure Arc Agent is installed on the Server, you can use these Azure Services for example :

  • Azure Update Management
  • Azure Monitoring
  • Azure Security Center with Azure Defender
  • Azure Policies for Compliance
  • Change Tracking and Inventory
  • Insights
  • Automation of Tasks

These Microsoft Azure features are supporting you to keep your Server as safe as possible and your security Up-to-Date.

From here you can add the Windows Server to Microsoft Azure Security Center with the right log analytics workspace.

Microsoft Azure Security Center Recommendations

Remediate Security Configurations on the Arc enabled Server

Remediation of Vulnerabilities on your Windows Server (Arc Enabled)

Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on premises, and in other clouds. Integrated with Azure Security Center, Azure Defender protects your hybrid data, cloud-native services, and servers and integrates with your existing security workflows, such as SIEM solutions and vast Microsoft threat intelligence, to streamline threat mitigation.

Workflow of Azure Defender for Vulnerability Scanning.

When Azure Security Center and Azure Defender are installed, you can do a Vulnerability Assessment on your Azure Arc enabled Server in your on-premises datacenter before your Windows Server goes into Production.

Vulnerabilities after Assessment on Windows Server with Arc enabled with remediation
This happens a lot when there is third party software installed on the Server.

To get a list of your high security vulnerabilities, you can use the Azure Resource Graph explorer.

Azure Resource Graph Explorer
Here you can download your high risks into a CSV or Pin to a Dashboard.

6. Compliance and Security Policies

Learn how Microsoft products and services help your organization meet regulatory compliance standards.
When you have to manage a lot of Windows Servers or Linux Servers, you want them compliant with the right security policies.

Here you find all the Microsoft Compliance Offerings

Regulatory Compliance of your environment.

With Azure Security Policy you can configure your Compliance.

In the following steps you will see a Sample alert:

Sample Alerts with Mitre ATT&CK Tactics

Take Action on the Security Alert.

Related entities

Mitigate the Threat
Prevent future attacks
Trigger automated response
or
Suppress similar Alerts.

Security by Design Conclusion

Before you begin deploying Windows Servers in your datacenter or in the Azure Cloud, it’s good to make a High Level design with your security set for the right compliance of your new Windows Server. You can use all the On-Premises security for Windows Server, but with Azure Security Center, Azure Monitor, Azure Arc Services and Azure Defender you get all the security Insights and remediation options when a vulnerability is discovered. Windows Server and Azure Security Center are better together for Security Management.

Microsoft Security

If you want to keep your Windows Servers as secure as possible, you need to keep doing the steps above. Continuous Monitoring and remediation of vulnerabilities is an on-going process for SecOps and Administrators. Make it difficult for hackers to put ransomware on your Servers. One more important IT Service is your Backup / Disaster Recovery solution. This should be secure from hackers and from ransomware encryption. I always say think of this rule :

More information

Microsoft Azure Security Center on GitHub

Overview of the Azure Security Benchmark (V2)

Become an Azure Security Center Ninja

Azure Security Center in the Field by Yuri Diogenes

Introduction to Azure Defender

Join the Microsoft Azure Monitor & Security for Hybrid IT Community Group on LinkedIn

 



Windows Admin Center v2103 Available! What’s New #Winserv #Azure #Management #WindowsAdminCenter #MVPBuzz

Windows Admin Center v2103

With Windows Admin Center you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.

What’s New in Windows Admin Center v2103

WAC Updates Automatically

Events Tool ReDesign (Preview)

Great Overview of the Server Events 😉

Azure IoT Edge for Linux on Windows

Windows Admin Center in The Azure Portal 

Set Proxy Server in Windows Admin Center Settings.

Open in a Separate Window

This is a Separate Window on my Second Screen, this works Awesome!

Windows Admin Center Virtual Tool improvements 🙂

Conclusion

Microsoft is working hard to make Hybrid IT Management better for Administrators who manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing Windows Server Core, Azure Stack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center 🙂

 

When you have feedback for the Product Team, please share it here at User Voice.



Today is Microsoft Ignite 2021 Event of the Year #MSIgnite #Azure #Cloud #AzureStackHCI #Winserv and More

JOIN Microsoft Ignite 2021 Event

You don’t want to miss this Live Awesome Virtual Global Event of Microsoft 😉



Happy Holidays and I wish you a Healthy 2021 #Azure #Cloud #MVPBuzz #Winserv #Security #Healthcare

It has been a year full of misery with the Covid-19 virus around the world. People are losing their loved ones; it’s a very sad time for all of us! Microsoft technologies are still going strong with new features in Azure Cloud Services, but are also supporting the people who are working in healthcare, with data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all HealthCare people over the world : THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all !
Community, Microsoft Product Teams, MVP Lead, Windows Insiders, I wish you and your family happy holidays and a Healthy 2021 with a lot of Success! 🎄😍

 



What’s New in Azure Security Center! #ASC #Security #Azure #SecOps #SIEM

What’s New in Azure Security Center

Security Center is in active development and receives improvements on an ongoing basis. To stay up to date with the most recent developments, this page provides you with information about new features, bug fixes, and deprecated functionality.

November 2020

Updates in November include:

Azure Defender

Microsoft Azure Defender Dashboard

Azure Security Center’s features cover the two broad pillars of cloud security:

  • Cloud security posture management (CSPM) – Security Center is available for free to all Azure users. The free experience includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. Use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.
  • Cloud workload protection (CWP) – Security Center’s integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent, protection of your Azure and hybrid resources and workloads. Enabling Azure Defender brings a range of additional security features as described on this page. In addition to the built-in policies, when you’ve enabled any Azure Defender plan, you can add custom policies and initiatives. You can add regulatory standards – such as NIST and Azure CIS – as well as the Azure Security Benchmark for a truly customized view of your compliance.

Here you can read about Microsoft Azure Defender on Docs.

Additional threat protections in Azure Security Center

Microsoft Azure Security Center Team is working hard on additional threat protections for :

  • Threat protection for Azure Network Layer
  • Threat protection for Azure Resource Manager ( Preview)
  • Threat Protection for Azure Cosmos DB ( Preview)
  • Threat Protection for Azure WAF
  • Threat Protection for Azure DDoS Protection

More information about additional Threat protections here on Docs.

What is Azure Sentinel?

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Read here more about Microsoft Azure Sentinel

Who to follow on Social Media for Azure Security Center

On twitter you have to follow Principal Program Manager at Microsoft C+AI Security Yuri Diogenes : @yuridiogenes

On YouTube you can subscribe to Azure Security Center in the Field ( #ascinthefield) YouTube

Microsoft Azure Security Center Website

Microsoft Azure Sentinel Website

On Microsoft Tech Community platform : Become an Azure Security Ninja

On LinkedIn JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community Group

 



Windows Admin Center with Azure Security Center integration #ASC #WindowsAdminCenter #Winserv #Azure

Windows Admin Center for Hybrid IT Management

As an Administrator, I like to work with Microsoft Windows Admin Center. It’s a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. You can download Windows Admin Center here and use it for Free in your Production environment. What is Windows Admin Center? What are my benefits? Here you see how the Windows Admin Center Architecture works.

Windows Admin Center Architecture.

So you can use Windows Admin Center everywhere: you can Install it on a Server on-premises without any internet connection, or in a hybrid way with an internet connection for Cloud services integrations like Azure Backup, Azure Security Center, Azure Monitor or Azure File Sync, and to manage your Virtual Machines in the Cloud.
Microsoft is now busy with Windows Admin Center in the Azure Portal, in Preview, to manage your Hybrid Datacenter. Here you find a blogpost about it in the Microsoft Tech Community.

Manage Internet Access in Windows Admin Center.

Datacenter Administrators want to manage Windows Servers in an Easy way but it must be secure. Microsoft has some user access options for using Windows Admin Center.
The one I like most is Microsoft Azure MFA (Two-Factor-Authentication) on your Windows Admin Center environment. Here you find more information about User Access WAC.

Choose the right Windows Admin Center installation for your environment:

Windows Admin Center Installation types.
These are Production Ready.

But don’t forget the Microsoft Windows Admin Center in the Azure Portal Preview :

Windows Admin Center in the Azure Portal Preview.

Windows Admin Center | Management | Azure Security Center Integration.

The Power of a Modern Management tool like Windows Admin Center is the Extensions feature, which integrates with external Services like Azure Cloud Services, or with third party vendors like Dell EMC, HP, Fujitsu or Data-On that offer great management solutions. Another example of a Windows Admin Center Extension is Containers.

In the following steps you will see how easy it is to manage and integrate Azure Security Center into Windows Admin Center for your Servers.

When you have installed Windows Admin Center, you have to add your Microsoft Azure Subscription into WAC.

Azure Registration in Windows Admin Center.

In the upper right you have the settings icon of Windows Admin Center; from there you can select Azure and do the registration. What it will do is create an API registration with your Microsoft Azure subscription:

Here you see the Registration in Microsoft Azure.

When that is completed successfully, you can add the Microsoft Azure Services via Extensions in Settings. We are going to Select Azure Security Center.

Install the Microsoft Azure Security Center Extension.

From here you have installed the basics for your Servers, now the Microsoft Azure Security Center feature is added in the left management bar at each Server in Windows Admin Center.
Now we only have to register the Servers into Azure Security Center with Windows Admin Center.

Here you see my MVPLAB Machines.

I have two Azure Stack HCI virtual Machines and I like to know if they are secure. ( Skywalker01 and Skywalker02) I start with the Azure Security Center Installation on Skywalker01 VM.

Azure Stack HCI VM called Skywalker01.mvplab.cloud
Sign into Azure.

Select your Azure Subscription, Create or Use existing workspace.
Select Region, and Create or use existing Resource Group.
Click on Setup.

The Virtual Machine will be added to Azure Security Center.

From here it needs some time to do the job: running assessments and getting the metadata of the server with log analytics. Microsoft Azure Security Center will come with security recommendations like:

Here you can do a Quick Fix and do Remediation.

 

After a few minutes the Security issues also show up in Windows Admin Center.

Here I get some Security advice in Windows Admin Center for Skywalker01 VM

Here you see the Power of the Azure Cloud with Log Analytics and the
Azure Security Center baselines for Skywalker01 Azure Stack HCI VM.

I forgot to do the monthly security updates on the Skywalker02 VM, and that is a Security Risk too, of course :

Skywalker02 Azure Stack HCI VM at High Security Risk.
(No updates)

Of course we have Windows Updates in Windows Admin Center, Just have to select and approve the updates for Skywalker02 to solve this high Risk issue.

Skywalker02 Azure Stack HCI VM Security Risk Solved 😉

Conclusion

In today’s Hybrid IT world, Better Together is my motto: with Windows Admin Center and Microsoft Azure Security Center you have a Great solution. You can make your own Azure Security Center Baseline policy to deploy on your Windows Servers to make them more Secure. Get a High Security Score! And don’t worry, you can add all your Windows Servers into Windows Admin Center, whether they are on-premises or in the Cloud.
With Azure MFA Two-Factor access authentication, you make your Management tool Windows Admin Center more Secure for your environment. If you don’t use Windows Admin Center yet, start Today!

More Information :

Windows Admin Center on Twitter : @servermgmt

Windows Admin Center Docs 

Windows Admin Center Website

Follow The Windows Admin Center Blog on Microsoft Tech Community

Join the Windows Admin Center Community