Remove local admins on identity assets

Implementation Effort: Medium: This effort score was chosen because it requires ongoing monitoring and remediation of privileged access rights across identity assets, which involves continuous resource commitment from IT and Security Operations teams.

User Impact: Medium: A subset of non-privileged users, specifically those with local admin rights, need to take action or be notified of changes.

Overview

The "Remove local admins on identity assets" security assessment in Microsoft Defender for Identity highlights local admins that pose a risk to your environment. It is used to identify and remediate accounts with indirect control over identity systems, thereby improving organizational security posture by preventing privilege escalation attacks.

Reference

Remove local admins on identity assets - Microsoft Defender for Identity