Windows Server 2016


Windows Server 2016 includes built-in breach resistance to help thwart attacks
on your systems and meet compliance goals. Even if someone finds a way
into your environment, the layers of security built into Windows Server 2016
limit the damage they can cause and help detect suspicious activity.

  • Protect your virtual machines. Use the unique Shielded Virtual Machines
    feature to encrypt your VMs with BitLocker and help ensure they can run
    only on hosts approved by the Host Guardian Service.
  • Help secure admin credentials. Protect admin credentials from Pass-the-
    Hash attacks using Credential Guard and Remote Credential Guard,
    and control administrator privileges with Just-In-Time Administration and
    Just Enough Administration, which together help minimize the time and
    capability granted for specific privileges.
  • Protect the operating system. Resist breaches with built-in Control Flow
    Guard, which helps prevent memory corruption attacks, and Windows
    Defender, optimized for server roles. Help ensure only trusted software
    can be run on the server with Device Guard.
  • Improve ability to detect attacks. Use advanced auditing capabilities
    to help detect malicious behavior.
  • Isolate applications. Help protect container-based applications with
    Windows Server containers with Hyper-V isolation, which do not share the host
    kernel with other containers. Use the distributed firewall, a software-defined
    networking capability, to control internal and external network traffic to VMs.