Course Overview
In this power workshop you will learn everything you need to know to deploy Windows 11 quickly and efficiently in your environment.
This ranges from full-touch to lite-touch to zero-touch - depending on the participants' wishes. The different versions and the LTSB version in particular are examined in detail. In addition, the configuration via MDT and ADK is examined in detail and a basic configuration is provided in advance. This is followed by the management of the client system via group policies and the implementation of central specifications, including data protection. (Disabling telemetry data, secure data protection configuration, etc.) Following on from this, the topic of security is examined centrally and in depth: From Pass-the-Hash to Credential-Guard to Device-Guard and Remote-Credential-Guard, just to mention a few topics.
Who should attend
This course is aimed at experienced system administrators, consultants and Active Directory designers. After this seminar, you will be able to roll out Windows 11 in your company and administer it professionally.
Prerequisites
Participants should have at least five years of experience with Active Directory and client systems.
The aim of this five-day seminar is to familiarize you with Windows 11 so that you can juggle with the new operating system and implement it successfully in your environment.
Above all, the topic of deploying Windows 11 as a highly secure client is one of the central approaches here. And: Are you or your customers unable or unwilling to purchase the LTSB/LTSC version? We will show you how to configure a Windows 11 Pro version with 30 group policies so that it corresponds to an LTSB version. And: You can take these group policies (among other things) with you as an export after this course and use them directly.
This course has been developed since the beta of Windows and is constantly evolving to meet the latest versions of Windows 11. In particular, the experiences of our customers are always incorporated into this course.
Course Content
- Versions and editions of Windows 11
- Editions in comparison
- LTSB for the enterprise sector
- Updates versus Upgrades
- Brief overview of the operation of Windows 11
- Startmenu
- Multiple Desktops
- User accounts and synchronization
- Domain accounts and Microsoft's Live ID
- DomainJoin to Windows Azure
- Installation and activation
- Installation via MediaCreationTool
- Installation via WDS
- Installation via MDT & ADK
- Upgrade versus Installation
- Update scenarios
- Upgrade paths
- Licensing
- Free update or not?
- Administration of Windows in domain networks
- RSAT-Installation
- Domain-Join
- Securing the domain join with redircomp and redirusr
- Secure-Domain mit -Join via unattend-xml via sysprep
- Deploy group policies for Windows 11
- Install adm and admx files
- central-store on the domain controllers
- Setup of a highly secure client according to the specifications of the Institute for Internet Security
- Setting up a client à la LTSB using group policies
- Rolling out a client in accordance with the European General Data Protection Regulation
- Remote-Management on Windows 11
- Firewalling in Windows 11
- Windows to go
- Powershell in Windows 11
- Security in Windows 11
- Bitlocker
- Bitlocker and TPM
- Bitlocker with TPM and Active Directory
- SecureBoot
- Pass-the-Hash & Credential
- Implementation of Credential-Guard
- Securing enterprise PCs with Device Guard
- Remote Credential-Guard
- Remote deletion of business data
- Windows 11 with Bitlocker and Azure
- UserState Virtualization with Windows 11
-
Additionally according to customer wishes and requirements:
- Manage Windows 11 devices with enterprise mobility solutions
- Management of desktop and mobile clients with Microsoft Intune
- Update management and endpoint protection with Microsoft Intune
- Access to applications and resources with Microsoft Intune
- Advanced Threat Protection mit Windows 11 und Azure ( E5 )
- Detection, Investigation & Response von ATP
- Use the threat detection API to create custom alerts:
- Improvements for operating system memory pools and kernel sensors
- Updated detection functions for ransomware
- Functions for historical determination
- Group policy security options
Training environment
The training environment works entirely with Hyper-V. To set up the training environment proactively, we use a Powershell script with which you can create new virtual machines in seconds. The script was developed by your trainer himself and enables the training course to be set up as required by the customer extremely quickly and with little effort.Hardware
Each participant has a dedicated server in a data center with a total of 1 Gbit connection to the Internet. Each participant server is equipped as follows:- 128 GB RAM
- min. 20 vCores
- 2 NVME SSDs with at least 3,000 MB/s writing and at least 2,000 MB/s reading
- 1 Gbit to the Internet Total bandwidth
Your trainer
The Master Class was developed by Andy Wendel and is run by himself and his experienced team. Andy Wendel is a Senior Data Center and Cloud Architect and Certified Security Master Specialization Advanced Windows Security. He was and is trained by the internationally renowned security experts Paula Januszkiewicz and Sami Laiho. This certification is renewed every year. Andy Wendel has been working as an IT trainer and consultant since the late 1990s and is also a certified Microsoft Learning Consultant (MCLC). Microsoft has only awarded 56 Certified Learning Consultants worldwide.