Microsoft

What guides or courses would you recommend to an administrator to strengthen the protection of a cloud service?

There is a service that uses the Microsoft technology stack (Windows Server, SQL Server, IIS). The service is well protected. Knowledge and technologies about how this protection is arranged, and how complete it is, are stored in the heads of several specialists.
To expand and consolidate the knowledge of specialists, it is necessary to think about what to recommend for study, what to allocate more resources for. Ultimately, they will decide for themselves, but it is necessary to make an initial recommendation.
To set the order of study, as well as the order of registration of knowledge in the form of technologies (small documents with basic principles and settings + links to specific product manuals), I looked at:
- a list of 10 risks for cloud applications: https://www.owasp .org/index.php/Category:OWASP_Clo...
- some courses from www.microsoftvirtualacademy.com
- administration course programs from https://www.microsoft.com/learning/ru-ru/windows-s...
- manuals and checklists for various software products.
This list may not be complete. If you were asked what courses you would like to take, what books would you need to buy to expand your knowledge and strengthen the protection of a trusted service? What would you choose?
Or so.
You have already configured service. A new employee comes to you. In what order will you tell him how to maintain, control and increase security?
Start with a backup, how is it done, how is it encrypted / decrypted, and where is it stored?
Or from architecture, isolation, duplication, redundancy?
...
Suggest an idea. Recommend an article, approach, guide, framework, or certification program.