Active Directory Hardening Series
Part 1 – Disabling NTLMv1 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-1-disabling-ntlmv1/ba-p/3934787
Part 2 – Removing SMBv1 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-2-removing-smbv1/ba-p/3988317
Part 3: Enforcing ldap signing https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-3-enforcing-ldap-signing/ba-p/4066233
Part 4 – Enforcing AES for Kerberos https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-4-enforcing-aes-for/ba-p/4114965
More Speaking in Ciphers and other Enigmatic Tongues with a focus on SCHANNEL hardening https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/more-speaking-in-ciphers-and-other-enigmatic-tongues-with-a/ba-p/4047491
How to view and change the Windows Registry Settings for the SSL/TLS Protocols on a Windows Host This article explains what plugins show the SSL/TLS Protocols may appear on a Windows Host. This also explains how to update the settings. https://community.tenable.com/s/article/How-to-view-and-change-the-Windows-Registry-Settings-for-the-SSL-TLS-Protocols-on-a-Windows-Host?language=en_US
Frequently Asked Question about TLS and Cipher Suite configuration https://techcommunity.microsoft.com/t5/security-compliance-and-identity/frequently-asked-question-about-tls-and-cipher-suite/ba-p/3965784
windows-forensic-artifacts https://github.com/Psmths/windows-forensic-artifacts
query-logs-with-powershell https://iqunit.com/query-logs-with-powershell/