i've experienced a problem with the local admin account options.
When creating a new device configuration policy with policy type "endpoint protection" there are options in the blade "local device security options" > "Accounts".
The first one is called "Local admin account" with the description, that says, that i can enable or disable the local admin account (the build-in one) with this config item.
The first problem: The two config options are "block" or "not configured", which is kind of weird.
No matter which option i choose, the local admin account will left deactivated.
The renaming option is working as expected.