Windows Baseline Hardening Service
ServiceOur engineers apply CIS or DISA STIG benchmarks to your Windows fleet via Group Policy, configure WDAC application control, enable credential guard, and establish your baseline configuration.
Key Features
Interested in this service?
Contact us to discuss how we can help with Windows Baseline Hardening Service.
Request a ConsultationResources
Videos
Windows Hardening Guide - 2025 Edition
Ken Harris pulls no punches in this 50-minute hardening marathon that covers Windows Defender tuning, firewall alternatives like Simplewall and Portmaster, BitLocker encryption, disabling Recall and Copilot, encrypted DNS, browser lockdowns, VPNs, and even social engineering defense. It's the kind of video that makes you pause every five minutes to change another setting on your own machine.
Windows 11 Hardening Using DoD STIG Templates - Part 1
When the Department of Defense publishes security templates, it's worth paying attention. ZTArchitect walks through applying DoD STIG configurations to Windows 11 workstations under Zero Trust architecture principles, showing how military-grade hardening translates to civilian environments. Short, focused, and built for practitioners who want government-tested settings without the government paperwork.
More in Windows Workstations
- Microsoft Security Compliance Toolkit
- Windows Defender Application Control
- Windows Baseline Hardening Service
- Windows Supply Chain Security Guide