Master Class
Windows 10
Secure Deployment

Course overview

In this power workshop you will learn everything you need to know to deploy Windows 11 in your environment quickly and purposefully.

It goes from full-touch to lite-touch to zero-touch, according to the wishes of the participants. The different versions, and in particular the LTSB version, are examined in detail. In addition, the configuration via MDT and ADK is covered in detail and a basic configuration is provided in advance. This is followed by the management of the client system via group policies to enforce central specifications, including data protection (disabling telemetry data, secure data protection configuration, etc.). Following on from this, the topic of security is examined centrally and in depth: from pass-the-hash and Credential Guard to Device Guard and Remote Credential Guard, to mention just a few topics.

Target group

This course is aimed at experienced system administrators, consultants and Active Directory designers. After this seminar, you will be able to roll out Windows 10 in your company and administer it professionally.


Participants should have at least five years’ experience with Active Directory and client systems.

Course objective

The aim of this five-day seminar is to familiarize you with Windows 11 so that you can “juggle” with the new operating system and successfully implement this new operating system in your environment.

Above all, the topic of deploying Windows 11 as a highly secure client is one of the central approaches here. And: Are you or your customers unable or unwilling to purchase the LTSB/LTSC version? We will show you how to configure a Windows 11 Pro version with 30 group policies so that it corresponds to an LTSB version. And: You can take these group policies (among other things) with you as an export after this course and use them directly.

This course has been developed since the beta version of Windows and is constantly being further developed to correspond to the current versions of Windows 11. In particular, the experiences of our customers are always incorporated into this course.


  • Versions and editions of Windows 11
    • Windows 10 editions in comparison
    • LTSB for the enterprise sector
    • Updates versus Upgrades
  • Brief overview of the operation of Windows 11
    • Start menu
    • Multiple desktops
  • User accounts and synchronization
    • Domain accounts and Microsoft’s Live ID
    • DomainJoin to Windows Azure
  • Installation and activation
    • Installation via MediaCreationTool
    • Installation via WDS
    • Installation via MDT & ADK
    • Upgrade versus Installation
    • Update scenarios
    • Upgrade paths
  • Licensing
    • Free update or not?
  • Administration of Windows in domain networks
    • RSAT installation
    • Domain join
    • Securing the domain join with redircomp and redirusr
    • Secure domain join with unattend.xml via sysprep
    • tba
  • Deploy group policies for Windows 11
    • “Install” adm and admx files
    • central-store on the domain controllers
    • Set up a highly secure client according to the specifications of the Institute for Internet Security
    • Set up a client à la LTSB using group policies
    • Rolling out a client in accordance with the European General Data Protection Regulation
  • Remote management of Windows 11
  • Firewalling in Windows 11
  • Windows to go
  • PowerShell in Windows 11
  • Security in Windows 11
    • BitLocker
    • BitLocker and TPM
    • BitLocker with TPM and Active Directory
    • SecureBoot
    • Pass-the-Hash & Credential
    • Implementation of Credential-Guard
    • Securing enterprise PCs with Device Guard
    • Remote credential guard
    • Remote deletion of business data
  • Windows 10 with BitLocker and Azure
  • UserStateVirtualization with Windows 10
Additionally according to customer wishes and requirements:
  • Manage Windows 11 devices with Enterprise Mobility solutions
  • Management of desktop and mobile clients with Microsoft Intune
  • Update management and endpoint protection with Microsoft Intune
  • Access to applications and resources with Microsoft Intune
  • Advanced Threat Protection with Windows 10 and Azure (E5)
  • Detection, Investigation & Response from ATP
  • Use the threat detection API to create custom alerts
  • Improvements for operating system memory pools and kernel sensors
  • Updated investigation functions for ransomware
  • Historical detection capabilities
  • Group Policy security options

Training environment

The training environment works entirely with Hyper-V. For the proactive setup of the training environment, we use a PowerShell script that allows you to create new virtual machines in seconds. The script was developed by your trainer himself and enables the training to be set up as required by the customer extremely quickly and with little effort.


Each participant is provided with a dedicated server in a data center with a total of 1 Gbit connection to the Internet. Each participant server is equipped as follows:

  • 128 GB RAM
  • at least 20 vCores
  • 2 NVME SSDs with at least 3,000 MB/s write and at least 2,000 MB/s read speed
  • 1 Gbit to the Internet total bandwidth

Your Trainer

The Master Class was developed by Andy Wendel and is conducted by himself and his experienced team.

Andy Wendel is a Senior Data Center and Cloud Architect and Certified Security Master Specialization Advanced Windows Security. He was and is trained by the internationally renowned security experts Paula Januszkiewicz and Sami Laiho. This certification is renewed every year. Andy Wendel has been working as an IT trainer and consultant since the late 1990s and is also a certified Microsoft Learning Consultant (MCLC). Microsoft has only awarded 56 Certified Learning Consultants worldwide.


Duration: 5 days
