Tackling the dangers of local admin rights in the new world of modern desktops

Allowing employees to have local administrator rights is fraught with dangers for any business.

It increases the risks of malware and virus infections, thereby making not just that one PC, but the entire network, far more vulnerable to hackers.

The chances of a data breach, and all of the ramifications that come with that – particularly reputational damage and enormous financial costs – also rise substantially.

Most organisations are investing in staff training to help them spot potential phish attacks and potential malware, but humans are highly fallible and modern attacks are incredibly sophisticated. It’s too easy to make mistakes.

Removing local admin rights

Bearing those perils in mind, many organisations would like to remove local admin rights but can be deterred by the fact it usually causes more calls to the IT help desk, which they fear will increase workloads. Requests might include installing software, updates or extensions, or configuration changes on the endpoint such as network settings.

Some businesses will not even be aware of the ability to remove local admin rights. But they can be removed with the right technology in place - that being Privileged Endpoint Management (PEM) software.

Moving to modern desktops

We’re seeing fast growing demand to remove local admin rights to protect end user workstations. At the same time, we are increasingly receiving requests to support Microsoft Azure AD access management.

That’s because many businesses are moving more of their IT estate to the cloud, pivoting away from on-premises Active Directory, and adopting Microsoft’s ‘modern desktop’ strategies.

That includes Azure AD, a part of Microsoft InTune solution for user and device management in the cloud. It’s used by every organisation using Microsoft 365, Office 365, Azure, or Dynamics CRM online.

Benefits for obtaining cyber insurance

Rolling out modern desktops and moving to the cloud is a key way for businesses to satisfy cyber insurers who, in response to mounting cyber attacks, are making increasingly difficult demands for. They want to see businesses have the tools, processes and people in place to reduce the chance of having to make claims.

We anticipate the trend towards cloud will quicken in the coming year or two, with Microsoft strongly encouraging organisations to move to Azure as part of their 365 licences as they refresh their laptop stock through Windows 10 and 11.

So, in five years’ time we expect the majority of all desktops to be on Azure AD and managed on Intune.

What is Osirium doing to help?

Our PEM solution already provides a solution for business to tackle the dangers of local admin rights, coupled with the traditional Osirium strengths of being easy to deploy and manage, and boosting productivity.

And now we’ve upgraded PEM, offering 100% native Azure AD support in the latest release. So, it now supports workstations managed by Azure Active Directory, meaning its future-proofed, whilst still working efficiently in the background, just as before.

What about those businesses who want to know PEM will work as they make the transition from on-premise AD to Azure? Osirium PEM meets their requirements too because it supports all three options – on-premise, hybrid, and native Azure AD.

Osirium PEM v3 is available immediately from the Microsoft Azure Marketplace. Contact us for more information. Watch our video below for more: 

Related Topics