Forum Discussion
Incorrect Identification of Local Admin in Defender for Endpoint
Hello everyone, I am facing an issue with Microsoft Defender for Endpoint where a user is incorrectly identified as having local admin rights. In the Devices menu of the workstation in Defender, the...
Hi,
Yes, I can confirm that “Administratorer” is the same as your image. Also, the same users and groups are present.
That why I don't understand how and why MDE is getting this information.
It looks like your filtering options are different, As I told "Administratorer" has a spelling issue. Appreciate if you could share a screenshot. :)
oh :), in that case it could pose security risk, check windows sign in logs to see any recent logins especially 4624, could be privilege escalation activity, has MDE detected anything. ?
"Administratorer" is just Administrator in Danish :)