Restricting to Local Admin != Mitigation
I frequently come across and use endpoint exploits and attack vectors that “require admin”. Almost as frequently, I hear people in the industry stating, “We’re safe from that; it requires local admin or system”. In many cases, that is not a mitigation. If you’re putting trust in the assumption that restricting to local admin will protect you, how secure do you think you really are from an attacker?