All our workstations are managed through Intune in User Mode, which means that there are no Admin rights on the workstations by default as part of our security hardening. Applications to be installed is dictated through the Company Portal.
However we do have some apps that are very difficult to package for Company Portal deployment and BTRS is then the route to go through and through the session the engineer has the ability to elevate command prompt/powershell prompt to install the particular application. Also for admin elevated tasks, BTRS is the lifeline.
Of course we do detect left and right that engineers “abuse” the rights and install apps without proper approval which in turn could be a security risk. Is there an “easy” way through any of the reports (haven't found any so far) to see who did elevation of command prompts/powershell prompts which can then be evaluated if it was correct use or abuse.
