It's difficult to prevent credential-based attacks if you don't understand where your risks are. Do you know where the greatest vulnerabilities are? Do you have unmanaged identities that could act as gateways for credential-based attacks? Do you have policies in place that require unique passwords for each account?
Credential theft prevention is possible, and it begins with basic security best practices. The fewer access points available, the lower the risk of stolen-credential attacks. By deploying least privilege policies, where only those who require access for job functions have permissions, you decrease the number of identities with credentials. This is especially necessary for critical systems and data.