Here is a collection of links that I tend to talk about.
Great resource for DFIR with PowerShell and home of Invoke-IR.
Microsofts tool for managing local admin passwords throughout the domain
Microsoft Whitepaper that covers architectural and implementation details for Privileged Access Workstations.
Jessica Payne's excellent article on how to setup centralized monitoring and what important events to look out for.
GoateePFE's article detailing PowerShell security features and a lot of great links to other PowerShell security resources.
Sean Metcalf's article on how to detect modern PowerShell attack tools.