Please elaborate on what level of hardening that is performed on your Server and Database environment.

All accounts accessing our Azure-tenant requires 2FA through Azure AD. Database: We use Azure SQL Server instances which have all been set up with SQL Server Audit, Azure SQL Threat Detection and IP restrictions. Web Servers: Only accepts HTTPS, checked weekly by Detectify and in real-time by Azure Security Center.