Master Class: Windows 11 Secure Deployment (W11SD) – Outline

Detailed Course Outline

  • Versions and editions of Windows 11
    • Windows 10 editions in comparison
    • LTSB for the enterprise sector
    • Updates versus Upgrades
  • Brief overview of the operation of Windows 11
    • Startmenu
    • Multiple Desktops
  • User accounts and synchronization
    • Domain accounts and Microsoft's Live ID
    • DomainJoin to Windows Azure
  • Installation and activation
    • Installation via MediaCreationTool
    • Installation via WDS
    • Installation via MDT & ADK
    • Upgrade versus Installation
    • Update scenarios
    • Upgrade paths
  • Licensing
    • Free update or not?
  • Administration of Windows in domain networks
    • RSAT-Installation
    • Domain-Join
    • Securing the domain join with redircomp and redirusr
    • Secure-Domain mit -Join via unattend-xml via sysprep
  • Deploy group policies for Windows 11
    • Install adm and admx files
    • central-store on the domain controllers
    • Setup of a highly secure client according to the specifications of the Institute for Internet Security
    • Setting up a client à la LTSB using group policies
    • Rolling out a client in accordance with the European General Data Protection Regulation
  • Remote-Management von Windows 11
  • Firewalling in Windows 11
  • Windows to go
  • Powershell in Windows 11
  • Security in Windows 11
    • Bitlocker
    • Bitlocker and TPM
    • Bitlocker with TPM and Active Directory
    • SecureBoot
    • Pass-the-Hash & Credential
    • Implementation of Credential-Guard
    • Securing enterprise PCs with Device Guard
    • Remote Credential-Guard
    • Remote deletion of business data
  • Windows 10 with Bitlocker and Azure
  • UserStateVirtualization mit Windows 10

Additionally according to customer wishes and requirements:

  • Manage Windows 11 devices with enterprise mobility solutions
  • Management of desktop and mobile clients with Microsoft Intune
  • Update management and endpoint protection with Microsoft Intune
  • Access to applications and resources with Microsoft Intune
  • Advanced Threat Protection mit Windows 10 und Azure ( E5 )
  • Detection, Investigation & Response von ATP
  • Use the threat detection API to create custom alerts:
  • Improvements for operating system memory pools and kernel sensors
  • Updated detection functions for ransomware
  • Functions for historical determination
  • Group policy security options

Training environment The training environment works entirely with Hyper-V. To set up the training environment proactively, we use a Powershell script with which you can create new virtual machines in seconds. The script was developed by your trainer himself and enables the training course to be set up as required by the customer extremely quickly and with little effort.

Hardware Each participant has a dedicated server in a data center with a total of 1 Gbit connection to the Internet. Each participant server is equipped as follows:

  • 128 GB RAM
  • min. 20 vCores
  • 2 NVME SSDs with at least 3,000 MB/s writing and at least 2,000 MB/s reading
  • 1 Gbit to the Internet Total bandwidth