Which manual step is part of PSM hardening?

The process of PSM (Privileged Session Manager) hardening involves implementing specific measures to enhance the security posture of the system. One critical step is to remove the default "Domain Users" group from certain privileges or access levels. This action limits the exposure and potential attack surface by ensuring that only necessary and authorized accounts have the ability to access sensitive systems or perform high-privilege tasks.

The rationale behind this step is to adhere to the principle of least privilege, which ensures that users are granted only those permissions essential for their job functions. By eliminating broad access associated with the default "Domain Users" group, organizations can significantly reduce the risk of unauthorized access or potential compromises stemming from users who may not require access to sensitive operations.

While other options might include actions that improve security, such as installing security patches or enabling additional authentication protocols, they do not specifically address the targeted approach of modifying user groups as it relates to PSM hardening. This makes the removal of the default "Domain Users" group a uniquely crucial step in establishing a more secure operating environment for managing privileged sessions.