Forum Discussion
nwagenaar
Jan 18, 2023 · Copper Contributor
Option to block adding exclusions by (local) administrator on (managed) endpoint
Lately we've seen in blog posts that hackers add exclusions to a compromised system to circumvent endpoint protection and to further penetrate networks and/or other systems. With Microsoft Defende...
HotCakeX
Mar 25, 2024 · MVP
Local "Administrator", emphasis on the word "Administrator".
There shouldn't be a local administrator on managed endpoints. They must be managed via Entra ID and no local Admin account should be present.
Administrators have the power to control the security of a device and can disable security features at their discretion.
Please see this article for more info:
Microsoft Security Servicing Criteria for Windows
https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria