CIS Benchmarks are generally the goto for system administrators looking to deploy securely configured software, and are, from what I can tell, highly regarded. For Windows, their recommendations are implemented with native tools. Also, if I recall, they provide explanations for their recommendations.
Irrelevant information below.
I very rarely interact with people on the internet (or in person for that matter), so forgive me if this post is implemented inappropriately.