Security hardening guides always explain why a setting is more secure than another. However, I find that they always lack an explanation of the negative consequences for when the more secure setting is selected.
Sometimes it's straightforward, like when a password policy is enforced : users may be annoyed to have to pick a password with this or that criteria.
Most of the time however, we simply don't know if users will simply not notice the change or if they will complain that they can't work anymore. For example, if I disable some protocol on a workstation, it might either completely be fine or prevent a key business application from being reached.
What I would love in a hardening guide is a list of potential negative consequences and a way to identify if they are likely to occur.
For instance, "if you enable this, users will no longer see this or be able to do that" and/or "to check if such a negative consequence is likely to occur, here's a command you can run that audits the past usage of this protocol/setting/whatever".
This way, it's much easier to pull the trigger when activating secure settings and support can know whether a future user complaint may or may not be linked to a recent change.