Thanks for posting your question in the Microsoft Q&A forum.
- Disable Windows Recovery Environment , use the command
reagentc.exe /disable
to disable the Windows Recovery Environment. This can be executed via a startup script in GPO. This command will prevent users from performing a reset through the settings or advanced startup options - Create an AppLocker policy to deny access to
systemreset.exe
- You can also block access to the recovery settings page using URI commands in GPO. This involves creating a policy that blocks the specific settings page for reset options
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful