Identity & Access Management

1. Create Standard & Admin Accounts
2. Use strong password
3. Enable lock-out policies
   
   

Network Level

1. Turn on Windows Firewall
2. Disable unused network devices
3. Disable remote access
4. Protect DNS, ARP and against MITM
   
   

Application Level

1. Enable Windows Defender Antivirus
2. Download apps only from trusted sources
3. Turn on safe browsing
4. Enable AppLocker
   
   

Storage

1. Enable BitLocker
2. Turn on Windows Sandbox
3. Set up file backups
4. Enable Secure Boot

Enabling auto-updates for Windows is the most crucial element for securing Windows machines from malware and threat actors.