Device hardening workflow

Harden your primary device first

We auto-select a recommended playbook from your current device. Finish one platform fully before switching.

Detecting your platform from browser metadata...

Universal baseline

Auto-updates enabled on OS + browser + password manager

Unique credentials and MFA on every critical account

Offline or immutable backup with monthly restore test

Select platform

Windows

Use native controls first: Defender, Firewall, BitLocker, and account privilege separation.

Estimated setup time

20 min

Expected impact

High vs commodity malware

Verification points

4 core checks

Step 1

Essentials first

  • Enable Defender real-time protection and cloud-delivered protection.
  • Turn on automatic Windows security updates.
  • Enable Defender Firewall for domain, private, and public profiles.
  • Enable BitLocker or device encryption and save recovery key securely.

Step 2

Hardening controls

  • Use standard account for daily work; admin account only when needed.
  • Disable unused remote services and review startup apps monthly.
  • Keep browser extensions minimal and trusted.

Step 3

Recovery readiness

  • Store BitLocker recovery key in protected offline location.
  • Maintain disconnected backup copies after backup jobs complete.
Windows Security settings
next: build habits and test credentialsalready compromised? open first-hour help

Guided journey

Step 4 of 9: Protect