Securing an operating system is a huge subject! For example a desktop or laptop is very different to a server or a server exposed to the internet, then there is virtualisation and containerisation. There are also differences depending on context, so home use and large enterprises are very different. The principles are the same as the risks and mitigations are very similar.
A good place to start when securing an operating system is with independent advice as this can help you understands the principles, so National Cyber Security Centre - NCSC is a good choice. There will be nothing new or radical here, just a collection of useful links and comments. The Center for Internet Security also provide some great resources, for operating system hardening see CIS Benchmarks which explains the what and the why as well as how to audit.
It is always good to see what the Windows security configuration framework | Microsoft Docs