Security features in Windows Server 2016
Windows Server 2016 gives you the power to prevent attacks and detect suspicious activity with new features to control privileged access, protect virtual machines (VMs), and harden the platform against emerging threats. Here’s what Windows Server 2016 can do for you:
Prevent the risk associated with compromised administrative credentials Using the new privileged identity management features, you can limit access to Just Enough and Just-in-Time 1. And, using Credential Guard, you can prevent administrative credentials from being stolen by Pass-the-Hash attacks.
Protect your VMs from compromised fabric administrators by using shielded VMs A shielded VM is a Generation 2 VM that has a virtual Trusted Platform Module (TPM), is encrypted by using BitLocker, and can run only on pproved hosts in the fabric.
Reduce your datacenter footprint and increase availability with just-enough OS. The new Nano Server deployment option is 25 times smaller than Windows Server, while still offering a desktop experience. This minimizes the attack surface, increases availability, and reduces deployment time, resource usage, and startup time.
Add even more protection to every deployment of Windows Server 2016. Whether you’re running in any cloud or on-premises, you can take advantage of additional security features such as Code Integrity and Control Flow Guard to ensure that only permitted binaries are run and protect against unknown vulnerabilities.
Detect malicious behavior through enhanced security auditing optimized for threat detection. Using new audit categories for group membership and PNP to identify and add additional information to audit events, administrators can dive deeper than ever to discover new threats
Defend against malware attacks by using the built-in antimalware Windows Defender is now included in Windows Server 2016 and optimized to support the various server roles and integrate with Windows PowerShell for malware scanning.
Limit exposure in case of a security intrusion If you were to suffer a security breach, Windows Server 2016 can limit the exposure by segmenting your network based on workload or business needs using a distributed firewall and
network security groups. You can apply rich policies within and across segments.
Use Hyper-V Containers for a unique additional level of isolation for containerized applications without any changes to the container image. Hyper-V containers provide isolation at the hardware level, giving administrators the peace of mind that they have come to appreciate with hardware-based virtualization protection as it
incorporates the same isolation methods.