Language:
Microsoft places emphasis on maintaining backward compatibility in Active Directory infrastructure, which means that it cannot enable all hardening features.
Enable hardening GPOs to protect at least privileged users, specifically by disabling obsolete protocols to prevent attackers from exploiting them to elevate their privileges on the Active Directory.
[MS-NLMP] Session Security Details
MS09-001: Vulnerabilities in SMB could allow remote code execution