Because the real MS would never tell you this particular truth....
You just bought a brand new server for your enterprise and we’ve just installed a bunch of old and insecure crap, on all of your servers, just in case they might need to connect to something else that you may have lying around that’s also old and insecure. To eliminate any confusion about why all this complex stuff might not be working, we turned everything on and it’s fully enabled, so that your shiny new systems would just work out of the box without you needing to learn anything about them, or even wonder for a minute why you couldn’t just plug everything in and have it all go! So it does! ... because we’re Microsoft “Vulnerable by Design.”
But it should be noted that Microsoft - the real Microsoft - did use the phrase “Vulnerable by Design” to describe a design problem with device drivers.
This all came up in relation to one of the latest Windows security nightmares, PetitPotam, that allows for fairly complete attack via the NT LAN Manager and the Print System Remote Protocol. Click thru if you want details.