Ensure that out-of-the-box VMs comply with the Security Center recommendations
I have been running a Windows Server 2019 Datacenter VM for about a year, and it has recently gone live. Having got the applications running, I have looked more closely at the Security Center reports and discovered lots of remediation needed. Why is that necessary? Surely the image could have all those issues corrected before it is deployed?
I created a test Windows Server 2019 Datacenter VM and it had about 90 security issues!