Generally agreed. Especially with ransomware these days I can only imagine how bad it would be if users had admin by default. I think the only reason we don't frequently see that attack vector now on home computers is because they aren't lucrative targets. If many/most corporate PC's were an effective vector into the rest of the systems because they had admin, it would truly be a nightmare. In the past when admin was common viruses were either just to cause a bit of chaos or exfiltrate data. Both bad, but now their is a direct financial incentive to shutdown the entire company.
That said, where I work there is a special path to admin if you have an actual need for it. It requires a security training course and special approval from a supervisor and the whoever leads technology in your division. And also signing a disclaimer that you now take full responsibility for any & all things that might possibly go wrong with your system due to use of admin privileges and all the consequences that entails, including "disciplinary actions" (screw up bad and you'll get fired). Makes one a bit more paranoid about security, which is healthy. I just wish the training & approval process included the education & tools needed to spin up your own VM's. It's not hard and the tools are free and (for anyone who really needs admin) relatively user friendly.
Otherwise things are very locked down. IT would much rather have you reboot than grant access to taskmanager to kill your own user processes.
That said, where I work there is a special path to admin if you have an actual need for it. It requires a security training course and special approval from a supervisor and the whoever leads technology in your division. And also signing a disclaimer that you now take full responsibility for any & all things that might possibly go wrong with your system due to use of admin privileges and all the consequences that entails, including "disciplinary actions" (screw up bad and you'll get fired). Makes one a bit more paranoid about security, which is healthy. I just wish the training & approval process included the education & tools needed to spin up your own VM's. It's not hard and the tools are free and (for anyone who really needs admin) relatively user friendly.
Otherwise things are very locked down. IT would much rather have you reboot than grant access to taskmanager to kill your own user processes.