Merge pull request #50838 from wwlpublish/ab6628b8bc68acd88d9e703db57a40bb02319101ad2c13a71623814d35fe75fc-live

 Modules/M09-hardening-windows-server

Author: v-ccolin

learn-pr/wwl-azure/harden-windows-server/1-introduction.yml

@@ -4,12 +4,12 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 3
 content: |
   [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/harden-windows-server/2-describe-local-administrator-password-solution.yml

@@ -4,12 +4,12 @@ title: Describe Local Password Administrator Solution
 metadata:
   title: Describe Local Password Administrator Solution
   description: "Describe Local Password Administrator Solution"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 7
 content: |
   [!include[](includes/2-describe-local-administrator-password-solution.md)]

learn-pr/wwl-azure/harden-windows-server/3-configure-privileged-access-workstations.yml

@@ -4,12 +4,12 @@ title: Configure Privileged Access Workstations
 metadata:
   title: Configure Privileged Access Workstations
   description: "Configure Privileged Access Workstations"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 7
 content: |
   [!include[](includes/3-configure-privileged-access-workstations.md)]

learn-pr/wwl-azure/harden-windows-server/4-secure-domain-controllers.yml

@@ -4,12 +4,12 @@ title: Secure domain controllers
 metadata:
   title: Secure domain controllers
   description: "Secure domain controllers"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 5
 content: |
   [!include[](includes/4-secure-domain-controllers.md)]

learn-pr/wwl-azure/harden-windows-server/5-analyze-security-configuration.yml

@@ -4,12 +4,12 @@ title: Analyze security configuration with Security Compliance Toolkit
 metadata:
   title: Analyze security configuration with Security Compliance Toolkit
   description: "Analyze security configuration with Security Compliance Toolkit"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 5
 content: |
   [!include[](includes/5-analyze-security-configuration.md)]

learn-pr/wwl-azure/harden-windows-server/6-secure-smb-traffic.yml

@@ -4,12 +4,12 @@ title: Secure SMB traffic
 metadata:
   title: Secure SMB traffic
   description: "Secure SMB traffic"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 8
 content: |
   [!include[](includes/6-secure-smb-traffic.md)]

learn-pr/wwl-azure/harden-windows-server/7-knowledge-check.yml

@@ -4,19 +4,19 @@ title: Module assessment
 metadata:
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 3
 content: |
   [!include[](includes/7-knowledge-check.md)]
 quiz:
   title: "Check your knowledge"
   questions:
-  - content: "Which of these is a capability of LAPS (Local Administrator Password Solution)?"
+  - content: "Which of these functions is a capability of LAPS (Local Administrator Password Solution)?"
     choices:
     - content: "Verifies the local administrator password is the same on all managed servers."
       isCorrect: false
@@ -27,23 +27,23 @@ quiz:
     - content: "Prevents local administrator passwords from expiring."
       isCorrect: false
       explanation: "Incorrect. LAPS ensures that local administrator passwords are regularly changed."
-  - content: "Which of the following should you do when configuring a PAW (Privileged Access Workstation)?"
+  - content: "Which of the following actions should you do when configuring a PAW (Privileged Access Workstation)?"
     choices:
     - content: "Configure Encrypting File System to use an Enterprise Root Certificate Authority."
       isCorrect: false
-      explanation: "Incorrect. You should enable BitLocker on a PAW but using an Enterprise Root Certificate Authority with Encrypting File System does not increase the PAWs security."
+      explanation: "Incorrect. You should enable BitLocker on a PAW but using an Enterprise Root Certificate Authority with Encrypting File System doesn't increase the PAWs' security."
     - content: "Enable Windows Defender Credential Guard."
       isCorrect: true
-      explanation: "Correct. Windows Defender Credential Guard protects against stored credentials being harvested by malware."
+      explanation: "Correct. Windows Defender Credential Guard prevents malware from harvesting stored credentials. You should block domain controllers from connecting to hosts on the internet, including those in Azure unless there is a specific reason to allow this communication."
     - content: "Ensure that all domain users can sign in to the PAW."
       isCorrect: false
       explanation: "Incorrect. Only users who need to perform administrative tasks should be able to sign into the PAW."
   - content: "Which of the following methods can you use to secure a domain controller?"
     choices:
     - content: "Configure the perimeter firewall to allow outbound connections to hosts in Azure."
       isCorrect: false
-      explanation: "Incorrect. You should block domain controllers from connecting to hosts on the internet, including those in Azure unless there is a specific reason to allow this communication."
-    - content: "Restrict RDP connections so that they can only be made from computers that have public IPv4 addresses."
+      explanation: "Incorrect. You should block domain controllers from connecting to hosts on the internet, including those hosts in Azure unless there's a specific reason to allow this communication."
+    - content: "Restrict Remote Desktop Protocol (RDP) connections so that they can only be made from computers that have public IPv4 addresses."
       isCorrect: false
       explanation: "Incorrect. You should limit RDP connections so that they can only be made from known secure hosts."
     - content: "Deploy domain controllers by using the Server Core installation option."

learn-pr/wwl-azure/harden-windows-server/8-summary-resources.yml

@@ -4,12 +4,12 @@ title: Summary and Resources
 metadata:
   title: Summary and Resources
   description: "Summary and Resources"
-  ms.date: 06/01/2022
+  ms.date: 06/18/2025
   author: wwlpublish
   ms.author: tonyj
   ms.topic: unit
-azureSandbox: false
-labModal: false
+  ms.custom:
+  - N/A
 durationInMinutes: 3
 content: |
   [!include[](includes/8-summary-resources.md)]

learn-pr/wwl-azure/harden-windows-server/includes/1-introduction.md

@@ -1,4 +1,4 @@
-An integral part of securing your Windows Server environment is making sure the servers and client computers are configured in as secure a manner as possible, also known as “hardening” those computers. In this module, you will learn about a variety of tools that you can use to harden your servers and devices.
+An integral part of securing your Windows Server environment is making sure the servers and client computers are configured in as secure a manner as possible, also known as "hardening" those computers. In this module, you'll learn about various tools that you can use to harden your servers and devices.
 
 ## Learning objectives
 
@@ -12,11 +12,12 @@ In this module, you will:
 
 - Describe how to use the Microsoft Security Compliance Toolkit to harden servers
 
-- Secure SMB traffic using SMB encryption
+- Secure Server Message Block (SMB) traffic using SMB encryption
 
 ## Prerequisites
 
 - Windows Server administration basics
 
 - Familiarity with managing Active Directory Domain Service
 
+