Friday, October 4, 2019

Privacy with Windows Server 2019



The protection of personal data plays an increasingly important role in companies. For this reason, every new version of Windows Server brings new features that allow administrators to protect sensitive data as effectively as possible.

With each new version of Windows Server, Microsoft offers new features that also protect data on servers. Windows Server 2019 likewise provides new ways to store data reliably and securely.

Specially Protecting Data in VMs - Shielded VMs


Microsoft introduced the Shielded VM feature in Hyper-V with Windows Server 2016. This feature allows you to encrypt and protect VMs so that unauthorized administrators cannot access the data stored in the VM. The Host Guardian Service ensures that VMs can only be started on the internal network and that unauthorized persons, including administrators, do not have access to the data stored in a VM.

The service also prevents malware, such as ransomware, from accessing data. Protection is provided by a Trusted Platform Module, which can also be virtualized in Windows Server 2019 (vTPM). The encryption is based on BitLocker, which is also part of Windows Server 2019. In Windows Server 2019, not only virtual Windows servers but also Linux servers can be operated as shielded VMs.

Windows Defender Advanced Threat Protection (ATP) in Windows Server 2019

Microsoft integrates the Windows Defender Advanced Threat Protection (ATP) cloud service with Windows Server 2019. It enables servers to detect and eliminate malware and attackers without signature files or virus definitions. The service uses features from Microsoft Azure.

Privileged Access Management - Protecting Admin Logons

To protect the data in an environment, the credentials of users, and especially those of administrators, must be protected. Since Windows Server 2016 this has been done with Privileged Access Management (PAM). With this technology, administrators gain access to systems only for as long as they need it. In addition, no comprehensive rights are assigned; the system grants only the rights that are strictly necessary for an administrative task.

In such an infrastructure, administrator accounts are operated in their own forest. In the future, admins will no longer work with administrator accounts in the Active Directory environment, but will receive so-called Just Enough Administration (JEA) access. JEA defines a set of cmdlets in PowerShell, as well as the exact set of objects needed for a particular administrative operation.
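
A JEA endpoint of the kind described above, as an added example that is not part of the original article. The module name ContosoJEA, the group CONTOSO\DnsOperators, the user CONTOSO\alice, the paths and the DNS operator role itself are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: JEA endpoint for a hypothetical DNS operator role.
# Module, group, user and path names are assumptions, not from the article.

$module  = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJEA'
$roleDir = Join-Path $module 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'ContosoJEA.psd1')

# Role capability: the set of cmdlets, narrowed to the objects they may touch.
$role = @{
    Path           = Join-Path $roleDir 'DnsOperator.psrc'
    VisibleCmdlets = @(
        'Get-Service',
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } },
        @{ Name       = 'Get-EventLog'
           Parameters = @{ Name = 'LogName'; ValidateSet = 'DNS Server' },
                        @{ Name = 'Newest' } }
    )
}
New-PSRoleCapabilityFile @role

# Session configuration: who receives the role and which identity runs it.
$configDir     = Join-Path $env:ProgramData 'JEAConfiguration'
$transcriptDir = Join-Path $configDir 'Transcripts'
New-Item -ItemType Directory -Path $transcriptDir -Force | Out-Null

$session = @{
    Path                = Join-Path $configDir 'DnsOperator.pssc'
    SessionType         = 'RestrictedRemoteServer'  # NoLanguage mode, minimal default commands
    RunAsVirtualAccount = $true                     # operator never holds the admin credentials
    TranscriptDirectory = $transcriptDir            # every session is recorded for audit
    RoleDefinitions     = @{
        'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' }
    }
}
New-PSSessionConfigurationFile @session
Test-PSSessionConfigurationFile -Path $session.Path

# Registering the endpoint restarts the WinRM service.
Register-PSSessionConfiguration -Name 'DnsOperator' -Path $session.Path -Force

# Review what a member of the group would be allowed to run.
Get-PSSessionCapability -ConfigurationName 'DnsOperator' -Username 'CONTOSO\alice'
```

On a domain controller the virtual account is a member of Domain Admins, so there the `RunAsVirtualAccountGroups` setting or a group-managed service account is the safer choice.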

Save data to SharePoint 2019 and Exchange 2019

Windows Server 2019 is ideally used together with the new versions of SharePoint and Exchange. SharePoint 2019 integrates enterprise search to prevent data loss. Users can search for sensitive content if they have permissions to do so. The eDiscovery Center and Content Retention enable you to find sensitive information in real time. SharePoint 2019 supports templates for sensitive information from various industries. These include credit card numbers, social security numbers, bank account numbers, and others. Sensitive information types can be identified based on pattern matching and are easy to set up.

Administrators can also use DLP policy templates to do this. A template can be selected during setup, and a separate, customized DLP policy can then be created from it. As part of adjusting DLP policies, rules can be customized. DLP can also work together with other services in this area, such as DLP in Exchange Online or local installations of Exchange Server 2019.
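
To show what pattern-based identification of a sensitive information type involves, here is an added example (not SharePoint's own code and not from the original article) that finds credit card candidates with a regular expression and then applies the Luhn checksum to weed out look-alike numbers. The function names and the sample text are constructed for illustration.

```powershell
# Added example: pattern match plus checksum for credit card numbers.
# Illustrates pattern-based detection in general; function names are hypothetical.

function Test-Luhn {
    param([Parameter(Mandatory)][string]$Digits)
    $sum    = 0
    $double = $false
    # Walk from the rightmost digit, doubling every second one.
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]$Digits.Substring($i, 1)
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum   += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Find-CardNumber {
    param([Parameter(Mandatory)][string]$Text)
    # 13 to 19 digits, optionally grouped by single spaces or hyphens.
    $pattern = '(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''
        [pscustomobject]@{
            # Report only the last four digits so the finding itself leaks nothing.
            Masked    = ('*' * ($digits.Length - 4)) + $digits.Substring($digits.Length - 4)
            Offset    = $m.Index
            LuhnValid = Test-Luhn -Digits $digits
        }
    }
}

# Constructed sample: a published test card number and a 16-digit order reference.
$sample = @'
Invoice paid with card 4111 1111 1111 1111 on 2019-10-04.
Internal order reference 1234567890123456, ticket 48213.
'@

Find-CardNumber -Text $sample | Format-Table -AutoSize
```

Both 16-digit values match the pattern, but only the first passes the checksum, which is why a bare pattern rule produces more false positives than one that also validates the number.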


Container technology for more protection

Microsoft has expanded its container technology in Windows Server 2019. Containers can be managed with Kubernetes and offer much more security than traditional virtual server installations. In addition, new server services, such as SQL Server 2019, can also be run as containers, providing more security, especially when storing and processing data. This again shows the advantage of using Windows Server 2019 and SQL Server 2019 together. SQL Server 2019 can run on Windows servers and on Linux servers.

In addition, SQL Server 2019 can also be used as a container via Docker. Windows Server 2019 is an ideal basis here, since Docker and Kubernetes can be used together on it. SQL Server 2019 has transparent data encryption (TDE), which additionally offers suspend and resume functions. Simply put, running transactions can be halted if the server is overburdened by encryption, and then resumed. Operation on servers running Windows Server 2019 is ideal.


Storage Migration Service and the Cloud - Using Microsoft Azure

The Storage Migration Service in Windows Server 2019 makes it easier to migrate share data to the new server version. The service can migrate shares and their data as well as the user rights and other settings for the shares. Storage Migration Service can not only handle local data, but also work in hybrid environments. This allows data from different file servers, including servers running Windows Server 2019, to be migrated to Microsoft Azure. Azure File Sync can be used as a target, as can Azure Files, shares in the cloud and parallel servers with Windows Server 2019. Storage Migration Service can act as a hub between different servers in all directions.

The Storage Migration Service can also take over files and shares for which the administrator has no access rights. What matters is that the data is transferred; administrators do not need to have rights to view the data being transferred.

During migration, Storage Migration Service can also take over all file attributes. This includes encryption, compressed files and custom attributes. Network settings and the name of the server can also be taken over. The next step is to adjust the migration settings and transfer the data.

