Security and Patch Policies on all Microsoft supported endpoints including MDM’s
Antivirus
Attack Surface Reduction - Rules to be applied to minimize the vulnerable spots in the organization to cyber attacks
Endpoint Detection and Response - Policy to extend Defender for Endpoint protections to devices for advanced attack detection
Disk Encryption - Policies revolving built-in encryption settings for Bitlocker/FileVault
Firewall
Account Protection - Policies to protect identity of users
Application Control - Policies to control which apps can/can't be installed and used on a device
Update Rings - Policies for when Windows OS updates can/will be applied