If a malicious actor can find a vulnerability in your network that lets them run their own malicious code, they can take control of your business. For all the different ways we try to prevent it, like limiting access and protecting your passwords, the reality is that security hardening to prevent unauthorized executables is the solution.

If you think of a server like potter’s clay, it is designed to be shaped and molded into what you want. The problem is that if you don’t harden it, malicious actors can reshape it how they want!
The security hardening process for Windows AppLocker, included with Windows Server 2016, is to use your current, working server to create a policy.
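
One way to build that policy from a working server with the AppLocker PowerShell cmdlets, as an added example that is not from the original page. The scan directories and the output path are assumptions; adjust them to where your applications live.

```powershell
# Added example. Scan directories and output path are assumptions.
$scanDirs   = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$policyPath = 'C:\AppLockerBaseline\reference-policy.xml'   # hypothetical location
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. Inventory the executables and scripts already on the working server.
$files = foreach ($dir in $scanDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script `
        -ErrorAction SilentlyContinue
}

# 2. Build allow rules from the inventory: publisher rules for signed files,
#    hash rules as the fallback for unsigned ones.
$files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Baseline' -Optimize -IgnoreMissingFileInformation -Xml |
    Set-Content -Path $policyPath -Encoding UTF8

# 3. Dry run: list installed executables the generated rules would not allow.
Get-ChildItem -Path $scanDirs -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone |
    Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Select-Object FilePath, PolicyDecision

# 4. Switch every rule collection to audit-only so nothing is blocked yet.
$xml = [xml](Get-Content -Path $policyPath -Raw)
foreach ($rc in $xml.SelectNodes('//RuleCollection')) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($policyPath)

# 5. Apply to the local policy (replaces existing local AppLocker rules unless
#    -Merge is added) and start the Application Identity service AppLocker needs.
Set-AppLockerPolicy -XmlPolicy $policyPath
Start-Service -Name AppIDSvc

# 6. Review audit events before enforcing. Event ID 8003 means the file ran
#    but would have been blocked under enforcement.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the audit log stays free of 8003 events for software you rely on, change `AuditOnly` to `Enabled` in the saved XML and apply it again to enforce the policy.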