I was over working on a Google Cloud machine and Amazon AWS EC2, and doing an in-place upgrade from 2012 R2 to 2019, and was just browsing the latest security improvement threads and saw the CIS hardened Windows Server 2019 image. Very nice. Check it out.
Last month, I had to complete a level 1 CIS implementation for an insurance audit organization, and this type of evolution in the industry is good news for all.
I quote the content in case it gets moved (fair use and reference attribution at the bottom).
Overview
This image of Microsoft Windows Server 2019 is built on Google's Shielded VM and preconfigured by CIS to the recommendations in the associated CIS Benchmark. CIS Benchmarks are vendor agnostic, consensus-based security configuration guides both developed and accepted by government, business, industry, and academia. CIS Benchmarks also provide a foundation to comply with numerous cybersecurity frameworks.
Cloud environments and operating systems are not secure by default. Launching an image hardened according to the trusted security configuration baselines prescribed by a CIS Benchmark will reduce cost, time, and risk to an organization. This image has been hardened by CIS and is configured with the majority of the recommendations included in the free PDF version of the corresponding CIS Benchmark. The Level 1 Profile settings within the CIS Benchmark have been applied with the intent to provide a clear security benefit without inhibiting the utility of the technology beyond acceptable means. The hardening of this instance was configured through the utilization of local group policy.
To learn more or access the corresponding CIS Benchmark, please visit the Center for Internet Security website or visit our community platform, CIS WorkBench.
If the intention is to use this instance in a domain environment where policies are managed globally, the majority of the security settings will be changed and managed by domain policies. The Benchmark that is the basis for this image was developed for system and application administrators, security specialists, auditors, help desk professionals, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Microsoft Windows Server 2019. CIS Benchmarks are developed in a unique consensus-based process comprised of hundreds of security professionals worldwide as de facto, best-practice configuration standards.
About CIS (Center for Internet Security)
CIS is a forward-thinking nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. CIS Benchmarks are the global standard for securing IT systems and data against the most pervasive cyber attacks.
About the provider
more to come...