Windows has a variety of services that can run in the background to provide continuous functionality or features to the operating system. By disabling unwanted services, you can reduce the attack surface of the IIs server.
Perform logging to keep track of activity on your IIs server. Auditing allows you to understand and detect any unusual activity. Although auditing is not a preventative measure, it will provide valuable information about the access activity on your IIs server.