Windows Server 2016
Windows Server 2016 includes built-in breach resistance to help thwart attacks
on your systems and meet compliance goals. Even if someone finds a way
into your environment, the layers of security built into Windows Server 2016
limit the damage they can cause and help detect suspicious activity.
- Protect your virtual machines. Use the unique Shielded Virtual Machines
feature to encrypt your VMs with BitLocker and help ensure they can run
only on hosts approved by the Host Guardian Service.
- Help secure admin credentials. Protect admin credentials from Pass-the-
Hash attacks using Credential Guard and Remote Credential Guard,
and control administrator privileges with Just-In-Time Administration and
Just Enough Administration, which together help minimize the time and
capability granted for specific privileges.
- Protect the operating system. Resist breaches with built-in Control Flow
Guard, which helps prevent memory corruption attacks, and Windows
Defender, optimized for server roles. Help ensure only trusted software
can be run on the server with Device Guard.
- Improve ability to detect attacks. Use advanced auditing capabilities
to help detect malicious behavior.
- Isolate applications. Help protect container-based applications with
Windows Server containers with Hyper-V isolation, which do not share the host
kernel with other containers. Use the distributed firewall, a software-defined
networking capability, to control internal and external network traffic to VMs.