Publication date : 02/24/2026
Course : Windows 2025, securing your infrastructure
Practical course - 4d
- 28h00 - Ref. WSX
|
Download in PDF format
Share this course by email
 | Master the new security features of Windows Server 2025 (VBS, Credential Guard, Device Guard, OSConfig) |
| Secure Active Directory 2025 infrastructure and manage user identities |
| Set up and administer a certificate management infrastructure (PKI) with AD CS |
| Protect data with encryption (EFS, BitLocker, NTFS/ReFS) |
| Configure access control and delegation mechanisms in Active Directory |
| Securing network and remote access with SMB over QUIC, VPN and NPS/RADIUS |
| Strengthen DNS and domain controller security (DNSSEC, RODC, privileged accounts) |
Prerequisites
Basic knowledge of network operating systems.
Course schedule
1 Windows Server 2025 architecture
- Security features and best practices for Windows 2025.
- Key steps to securing Windows Server 2025.
- New level of functionality for Active Directory services.
- Virtualization-based security (VBS).
- Implementation of Credential Guard, Device Guard.
- OSConfig under Windows 2025 (next-generation DSC).
- Windows Admin Center 2025 (native server version).
- Dynamic access control for user accounts.
- Set up a security audit using specific tools.
Hands-on work
Basic configuration and auditing to secure a Windows 2025 server.
2 Certification authority and PKI architecture
- Presentation and roles of CAs (certification authorities).
- ADCS (Active Directory Certificate Services) news and enhancements.
- Installation and implementation of the certificate server role (PKI).
- Certificate creation and management via MMC and Windows Admin Center (WAC).
- Creation and administration of specific Windows 2025 certificate templates.
- The online answering role. OCSP enhancement (hybrid environments).
- Collection certificates and online answering role.
Hands-on work
Basic administration of a certificate server. Securing web access with HTTPS
3 AD federation services and Microsoft Entra ID
- Interest in and implementation of the ADFS role, when ADFS remains relevant in 2025.
- Certificate management and creation of trust relationships.
- Entra ID and modern functionalities (MFA, Conditional Access, Passwordless, Identity Protection).
- Install the WAP server and publish ADFS to the outside world.
- The role of Web Application Proxy (WAP) version 2025.
Hands-on work
Set up AD federation services, secure AD. WAP installation and configuration.
4 Manage identities
- Credential Guard management (protects Kerberos/NTLM secrets).
- Signed and encrypted LDAP mandatory.
- Assign rights to users.
- Set up user delegation via the active directory.
- Enhanced monitoring, enriched logs: Kerberos, LDAP, AD replication.
- New features in Windows LAPS and associated GPOs.
Hands-on work
Set up a user rights management policy. Use Windows LAPS. Set up user delegation.
5 Securing the DA
- New AD diagnostic tools and improvements , dcdiag, repadmin...
- Securing the AD: reinforced protection of privileged accounts, isolation of LSASS processes.
- What's new in AD-CS certificate services "Schema 93" .
- RODC (Read Only Domain Controller): implementation scenarios and benefits.
- DNS SEC implementation. DNS zone protection.
- Roles and interests of ADAC (active directory administration center).
- PSO for password granularity, benefits and implementation.
Hands-on work
Securing the AD. Password granularity. Installing and configuring a RODC.
6 Data protection
- NTFS and ReFS file system security.
- Implementation of EFS and management of collection certificates.
- BitLocker: disk encryption and encryption key storage.
- Centralization of keys in AD via group policies.
Hands-on work
Set up encryption. Data recovery with agent and associated certificates.
7 SMB over QUIC, NPS 2025 and VPN
- QUIC vs DirectAccess vs Always On VPN.
- New VPN features in Windows Server 2025 (RRAS).
- NPS servers. Hardening the NPS 2025 role.
- RADIUS infrastructure components (802.1x).
- Always On VPN versus DirectAccess.
- VPN versus SMB over QUIC: which one to choose?
- The firewall role in Windows Server 2025 (what's changing?).
Hands-on work
Implementation of SM over QUIC via Windows Admin Center, Always On VPN "Why it's the modern solution". Implementation of a RADIUS 2025 server. Advanced firewall configuration.
PARTICIPANTS
PREREQUISITES
Basic knowledge of network operating systems.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
PREREQUISITES
Basic knowledge of network operating systems.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
Last places available
Guaranteed date, in person or remotely
Guaranteed session