Implement and manage device, application, and threat protection – Manage and protect devices

Skill 3.1: Implement and manage device, application, and threat protection

Windows 10 includes a number of built-in features that are part of the Microsoft Defender suite of security apps. It’s important that you are familiar with each of these: what each one does, how it can help secure your organization’s devices, and how you can enable and configure it.

This skill covers how to:

Implement and manage Microsoft Defender Credential Guard

When users sign in to an Active Directory Domain Services (AD DS) domain, they provide their user credentials to a domain controller. As a result of successful authentication, the authenticating domain controller issues Kerberos tickets to the user’s computer. The user’s computer uses these tickets to establish sessions with servers that are part of the same AD DS forest. When a server receives a session request, it examines the Kerberos ticket for validity. If the ticket is valid in all respects and is issued by a trusted authenticating authority, such as a domain controller in the same AD DS forest, the session is allowed.

These Kerberos tickets, and related security tokens such as NTLM hashes, are stored in the Local Security Authority, a process that runs on Windows-based computers and handles the exchange of such information between the local computer and requesting authorities. However, certain malicious software can gain access to this security process and exploit the stored tickets and hashes.
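Because the tickets and hashes held by the Local Security Authority are the asset at risk, it is worth confirming on each device whether Credential Guard is actually configured and running. The following PowerShell is an added example, not part of the original text: the function name `Get-CredentialGuardStatus` is hypothetical, and it assumes Windows 10 or later and an elevated session. It reads the `Win32_DeviceGuard` CIM class and the `LsaCfgFlags` registry value.

```powershell
# Added example: report whether Credential Guard is configured and running.
# Get-CredentialGuardStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard exposes virtualization-based security (VBS) state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # VirtualizationBasedSecurityStatus: 0 = not enabled,
    # 1 = enabled but not running, 2 = enabled and running.
    $vbsNames = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $vbsText  = $vbsNames[[int]$dg.VirtualizationBasedSecurityStatus]
    if (-not $vbsText) { $vbsText = 'Unknown' }

    # LsaCfgFlags: 0 = disabled, 1 = enabled with UEFI lock, 2 = enabled without lock.
    # The policy key (Group Policy or MDM) is checked first, then the local LSA key.
    $flag = $null
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard',
            'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($key in $keys) {
        $prop = Get-ItemProperty -Path $key -Name 'LsaCfgFlags' -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $flag = [int]$prop.LsaCfgFlags; break }
    }
    $flagNames = @{ 0 = 'Disabled'; 1 = 'Enabled with UEFI lock'; 2 = 'Enabled without lock' }
    if ($null -eq $flag) { $flagText = 'Not set' } else { $flagText = $flagNames[$flag] }
    if (-not $flagText) { $flagText = "Unexpected value $flag" }

    # In SecurityServicesConfigured / SecurityServicesRunning, 1 = Credential Guard.
    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        VbsStatus                 = $vbsText
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning -contains 1)
        LsaCfgFlags               = $flagText
    }
}

$status = Get-CredentialGuardStatus
$status | Format-List
if (-not $status.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is not running on this device.'
}
```

A device that shows `CredentialGuardConfigured` as true but `CredentialGuardRunning` as false typically needs a restart or does not meet the virtualization-based security prerequisites.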

Keiarra Mclemore
