Man in data center looking at reports on a large monitor

Windows Server 2016

Take advantage of built-in features in Windows Server 2016 help increase your ability to protect, detect, and defend against attacks that can lead to data breaches. Plus, additional layers of protection help block malicious software that can exploit vulnerabilities, so you reduce data privacy risk.


Protect your applications and infrastructure

Windows Server 2016 is designed for flexibility on premises or in the cloud. It is the foundation of both Azure and Azure Stack and the hybrid applications that power your business. Modern software-defined datacenters and the need for agile solutions require a new kind of server, and Windows Server 2016 provides a platform for automating and securing your applications and infrastructure.

Windows Server 2016 was designed to help defend server applications and infrastructure against the main methods of attack used to compromise data and interrupt business, such as credential theft, malware insertion, and targeting of virtualization vulnerabilities. Protections at the identity, operating system, and virtualization layers work to disrupt standard attacker toolkits and isolate vulnerable targets, making the server operating system an active participant in its own defense.

Security and privacy are built into the Windows Server platform, beginning with the Security Development Lifecycle that addresses security at every development phase from initial planning to launch. Windows Server is continually updated to make it even more secure.

Just enough admin rights

Windows Server 2016 includes enhanced functionality to help protect user identity and limits the reach and time duration of administrative accounts with Just Enough and Just-in-Time Administration. With these role-based security features, administrators can request only the specific privileges they need for the exact window of time for which they need them. This reduces the potential for theft of administrative credentials.

Learn more about securing privileged access

Guard against credential theft

Cyberattacks are becoming more frequent and sophisticated, and often target user accounts and passwords. Microsoft understands these attacks from firsthand experience helping customers deal with them. We built new defenses into Windows Server 2016 to help protect our customers from credential theft. If an attacker does gain access to a system, Windows Server 2016 helps prevent them from copying the credentials from that machine and using that system as a launching point for further intrusions.

Learn more about Credential Guard

Protect apps and data at rest and in transit

Whether running as a virtual machine (VM) or on a physical host, Windows Server 2016 helps to protect your applications, infrastructure roles, and data. It also includes auditing capabilities to help detect and respond to threats.

Auditing and logging in Windows Server 2016 provides enhanced targeted logging to better detect malicious behavior, including auditing access to kernel and sensitive processes as well as new information in logon events. Windows Server 2016 actively alerts administrators to potential breach attempts with enhanced security auditing that provides detailed information that can be used for faster detection of an attacker and better forensic analysis of attacks. The events can be streamed to Security Information and Event Management (SIEM) systems such as Operations Management Suite (OMS).

Windows Server 2016 uses familiar access controls, user rights, and permissions to protect your data. It features industry-standard encryption protocols that protect data both at rest and in transit across the network. Familiar technologies such as BitLocker disk encryption are used in new ways—protecting new shielded VMs, for example.

Learn about Windows Server 2016 security

Rely on network security

Windows Server 2016 software defined networking (SDN) includes a distributed network firewall that allows you to dynamically create the security policies to protect your applications from attacks coming from inside or outside a network. This firewall adds layers to your security by enabling you to isolate your applications in the network. Policies can be applied anywhere across your virtual network infrastructure, isolating VM (virtual machine) to VM traffic, VM to host traffic, or VM to internet traffic where necessary, either for individual systems that may have been compromised, or programmatically across multiple subnets.

Learn more on how SDN can help enhance network security

Discover security for VMs

Virtualization presents a new attack vector from a compromised virtualization fabric. Windows Server 2016 fundamentally changes how enterprises can secure virtualization. It includes multiple technologies that allow organizations to encrypt virtual machines (VMs) and prohibit them from being started on non-trusted hosts, and helps protect the VM from a compromised fabric administrator or malware.

Watch now: How to protect virtualized workloads with Shielded VMs

Native features to enhance your security posture

Windows Server 2016 brings new native capabilities to help protect against both common and unknown attack vectors. By simply upgrading to Windows Server 2016, you elevate your security posture and help protect your infrastructure, applications, and data. Control Flow Guard and Windows Defender come installed and enabled by default and will help protect against known attack methods and malware. Device Guard can be configured to lock down your servers so only approved applications, drivers, scripts, or any code is allowed to run.

Watch now: Native security features in Windows Server 2016

Get started with Windows Server 2016 by signing up for a 180-day evaluation trial.