@shmu26
Instead of going crazy trying to harden Windows using all the specific tweaks, the best protection is simply not to use products such as Microsoft Office. Microsoft Office itself introduces a whole lot of vulnerabilities into an already vulnerable OS. Because sooner or later, the malc0ders are going to find a way to bypass those protection rules on Windows. They've been doing that successfully for decades.
SmartScreen has protection holes. There are parts of the world where those protection holes cause massive pandemic infections - where USB BYOD is stupidly and wildly popular - such as India and Southeast Asia.
Windows 10 security is not good enough for the typical user. And by typical user I mean "high-risk" user. We have no way of quantifying the risk level of the typical user - but I can tell you that Microsoft does NOT assume that the typical user is a high risk user. Just look at their default security. The user can do anything they want. The default account is an Admin account. You have to take reality for what it is... and the reality is that Windows was never created with security in mind; security was, always has been, and remains an afterthought. The typical user's priority is not security. The typical user's priority is everything except security. And Microsoft's priority is to cater to what the majority wants - which is predominantly entertainment with some productivity. Security is down in the basement standing in a pool of water.
We have to assume the typical user is a high risk user. For sure, the average household with children members, and no security soft geek knowledge or experience, tends to fall into the high risk category. All you have to do is ask such a family questions and that fact becomes clear very quickly.
When you talk about security, context matters. Who is using the system ? Average Joe or security soft geek ? Grandma Grayson or Keygen-Warez-Fake_KMSActivator User ? 99.99% of the stuff discussed on these forums doesn't apply to anyone who does not regularly visit these forums - and by "regularly visit" I mean visit at least weekly.
If you're a security soft geek, you can handle Windows. If you're not a security soft geek, then you cannot handle Windows.
Anyway, I wouldn't use Windows without default-deny such as Hard_Configurator.