To secure the windows server you can follow the below steps and implement the changes.
- Run windows update
- Reboot the server
- Disabled automatic updates from windows updates
- Enabled ports in firewall
- Enabled web application firewall
- Enabled plesk mail security settings
- Enabled spam assassin (server wide)
Have a great day........:)