Hasn't been my experience. With managed systems on Azure, life is fairly easy from a sysop perspective. Getting ransomware is more of a strategic problem than an operating system problem at that scale. Personally, I prefer Linux servers. But my motivations aren't the same as other companies. For example, I really don't like the idea of license fees or vendor lock-in. In exchange, however, my Linux servers take more effort to secure properly with many more foot-guns available via configuration file.
I don't. Except this isn't an uncommon opinion. There are literally tomes of knowledge (available via nostarch for example) describing firewall configuration and many other aspects of server administration. My Linux desk reference is the size of an encyclopedia. The pfSense book is similarly massive (though that's more of a BSD thing).
In Windows Server's defense, most common fixes are available either via console (Azure) or through a series of often very simple clicks. Microsoft really nailed the user-friendly GUI-driven experience of setting up a server (mostly) safely and I think that shows in their adoption.
I am not a server admin because they aren't paid enough for all the crap they have to deal with.
A sane netfilter or pf config is like three to five lines which any noob can find with a web search, or "ufw status allow ssh ; ufw enable".
Netfilter and PF are capable of doing actual router stuff, you can just skip over that section if you want to.
The "GUI driven" argument is why businesses should just skip over hiring mediocre IT people who don't really "get" servers and just do SaaS. Kinda like how "just use GSuite" replaced all those MS Exchange ""experts"".