Not 'industry standards'.
It is Microsoft standards masquerading as "industry standards".
Microsoft software is the poorest designed for security. Passwords stored in plaintext, hashes used for authentication, falling back to known broken authentication... executable everything...
The only way to win (in security) is to not use Microsoft software.
Yes, paraphrased :-) but still true.
Biting the hand that feeds IT
