Why hardening first
Most incidents come from defaults left open. Early hardening reduces risk while keeping teams fast and focused.
Quick wins (high impact, low effort)
- Enforce MFA for all users; require it for admins and vendors.
- Encrypted backups and a quarterly restore test (document the results).
- Endpoint baseline: EDR, disk encryption, auto-lock, patch cadence.
- Role-based access (groups) instead of per-user exceptions.
What we monitor
- Config drift and policy exceptions.
- Failed logins, new admin grants, critical changes.
- Alerts routed to a shared channel with runbooks.