Windows allows a large amount of security settings to be configured, either through Group Policy, or Local Security Policy:
With improved focus on cyber security in the entier ICT industry there may be a requirement to tighten these settings. This can be tricky. It’s one thing to implement a high security scheme when you start a new domain. In a domain environment which has existed and migrated since the early Windows 2000 days, with potentially a host of business critical legacy applications, this is far from trivial.
Taking a step-by-step approach is a good idea, and you may want to assess and test each individual setting (or combination of relevant settings) on its own. However, it is not always clear what each setting does.
However, on the Microsoft website you can find a list of all security settings, with a detailed explanation of why they exist or what they do, with examples of why and when this may or may not cause issues.