Windows Server 2016
Take advantage of built-in features in Windows Server 2016 that help increase your ability to protect, detect, and defend against attacks that can lead to data breaches. Plus, additional layers of protection help block malicious software that can exploit vulnerabilities, reducing your data privacy risk.
Protect your applications and infrastructure
Windows Server 2016 is designed for flexibility on premises or in the cloud. It is the foundation of both Azure and Azure Stack and the hybrid applications that power your business. Modern software-defined datacenters and the need for agile solutions require a new kind of server, and Windows Server 2016 provides a platform for automating and securing your applications and infrastructure.
Windows Server 2016 was designed to help defend server applications and infrastructure against the main methods of attack used to compromise data and interrupt business, such as credential theft, malware insertion, and targeting of virtualization vulnerabilities. Protections at the identity, operating system, and virtualization layers work to disrupt standard attacker toolkits and isolate vulnerable targets, making the server operating system an active participant in its own defense.
Security and privacy are built into the Windows Server platform, beginning with the Security Development Lifecycle that addresses security at every development phase from initial planning to launch. Windows Server is continually updated to make it even more secure.
Just enough admin rights
Windows Server 2016 includes enhanced functionality to help protect user identity and limits the reach and time duration of administrative accounts with Just Enough and Just-in-Time Administration. With these role-based security features, administrators can request only the specific privileges they need for the exact window of time for which they need them. This reduces the potential for theft of administrative credentials.Learn more about securing privileged access
Guard against credential theft
Cyberattacks are becoming more frequent and sophisticated, and often target user accounts and passwords. Microsoft understands these attacks from firsthand experience helping customers deal with them. We built new defenses into Windows Server 2016 to help protect our customers from credential theft. If an attacker does gain access to a system, Windows Server 2016 helps prevent them from copying the credentials from that machine and using that system as a launching point for further intrusions.Learn more about Credential Guard
Protect apps and data at rest and in transit
Whether running as a virtual machine (VM) or on a physical host, Windows Server 2016 helps to protect your applications, infrastructure roles, and data. It also includes auditing capabilities to help detect and respond to threats.
Auditing and logging in Windows Server 2016 provides enhanced targeted logging to better detect malicious behavior, including auditing access to kernel and sensitive processes as well as new information in logon events. Windows Server 2016 actively alerts administrators to potential breach attempts with enhanced security auditing that provides detailed information that can be used for faster detection of an attacker and better forensic analysis of attacks. The events can be streamed to Security Information and Event Management (SIEM) systems such as Operations Management Suite (OMS).
Windows Server 2016 uses familiar access controls, user rights, and permissions to protect your data. It features industry-standard encryption protocols that protect data both at rest and in transit across the network. Familiar technologies such as BitLocker disk encryption are used in new ways—protecting new shielded VMs, for example.Learn about Windows Server 2016 security
Rely on network security
Windows Server 2016 software defined networking (SDN) includes a distributed network firewall that allows you to dynamically create the security policies to protect your applications from attacks coming from inside or outside a network. This firewall adds layers to your security by enabling you to isolate your applications in the network. Policies can be applied anywhere across your virtual network infrastructure, isolating VM (virtual machine) to VM traffic, VM to host traffic, or VM to internet traffic where necessary, either for individual systems that may have been compromised, or programmatically across multiple subnets.Learn more on how SDN can help enhance network security
Discover security for VMs
Virtualization presents a new attack vector from a compromised virtualization fabric. Windows Server 2016 fundamentally changes how enterprises can secure virtualization. It includes multiple technologies that allow organizations to encrypt virtual machines (VMs) and prohibit them from being started on non-trusted hosts, and helps protect the VM from a compromised fabric administrator or malware.
Native features to enhance your security posture
Windows Server 2016 brings new native capabilities to help protect against both common and unknown attack vectors. By simply upgrading to Windows Server 2016, you elevate your security posture and help protect your infrastructure, applications, and data. Control Flow Guard and Windows Defender come installed and enabled by default and will help protect against known attack methods and malware. Device Guard can be configured to lock down your servers so only approved applications, drivers, scripts, or any code is allowed to run.Watch now: Native security features in Windows Server 2016