A month ago, the Five Eyes Alliance issued a Joint Cybersecurity Advisory.
The advisory highlights the following best practices to protect your systems:
As you can read in the PDF on page 2, there's more elaboration on how weak or the lack of configurations are usually exploited by the bad guys. Certainly, the 'how they do it' is a 'must know' to better understand what mitigative steps need to be applied following best practices - leading to: "So, how I am gonna do it?"
P.S.: next time I'll publish here as well in full mode instead of referencing to to my LinkedIn-Article