Windows Server 2016 was released back in October 2016 with an “assume breach” posture; as Microsoft described it, "[they] want to build the most secure servers," and have "taken some giant steps forward when it comes to breach resistance."
With this in mind, Microsoft has now released two free courses on Windows Server 2016 security in the form of video presentations totaling an hour and a half combined.
The first is titled: "Windows Server 2016 Breach Resistance for Your Operating System and Applications" and comes in at 35:27 minutes long: It takes a look at common attack timelines and scenarios, along with attacker access.
Explore the concept of extending the time between an attacker’s initial breach and when they take control of an organization, giving data security professionals time to detect, respond, and root out the intruder. See how to protect against pass-the-hash attacks using Credential Guard, how to lock down your server using Device Guard, and how you can better detect and investigate threats using new audit events that are triggered by malicious activity.
The second video is just under 55 minutes long and is titled "Deploying Shielded VMs and a Guarded Fabric with Windows Server 2016".
Start with a look at the Host Guardian Service (HGS), and then learn to configure Trusted Platform Module–based (TPM-based) attestation on the Hyper-V host. Create baseline security policies and Hypervisor-enforced Code Integrity policies, and configure HGS to attest to them. Plus, get the details on signing trustworthy template disks, creating shielding data, and deploying Shielded VMs.
If you're a Windows Server administrator, this opportunity might be too good to pass up. It's unclear how long these videos will be available for, but you can check them out right now. They don't require you to be logged in with a Microsoft ID or require any other info.