- Operating system selection
- Operating system releases and versions
- Standard Operating Environments
- Hardening operating system configurations
- Application management
- Application control
- Command Shell
- PowerShell
- Host-based Intrusion Prevention System
- Software firewall
- Antivirus software
- Device access control software
- Operating system event logging
- User applications
- User application selection
- User application releases
- Hardening user application configurations
- Microsoft Office macros
- Server applications
- Server application selection
- Server application releases
- Hardening server application configurations
- Restricting privileges for server applications
- Microsoft Active Directory services
- Microsoft Active Directory Domain Services domain controllers
- Microsoft Active Directory Domain Services account hardening
- Microsoft Active Directory Domain Services security group memberships
- Microsoft Active Directory Certificate Services
- Microsoft Active Directory Federation Services
- Microsoft Entra Connect
- Server application event logging
- User accounts and authentication types
- Authenticating to systems
- Insecure authentication methods
- Multi-factor authentication
- Single-factor authentication
- Setting credentials for user accounts
- Setting credentials for built-in Administrator accounts, break glass accounts, local administrator accounts and service accounts
- Changing credentials
- Protecting credentials
- User account lockouts
- Session termination
- Session and screen locking
- Logon banner
- Hypervisors
- Containerisation
- Functional separation between computing environments