Local Admin Merge should be disabled
Why This Matters
When local admin merge is enabled, local administrators can add their own exclusions to Microsoft Defender Antivirus, potentially bypassing security policies set by the organization. This creates a significant security gap where users with local admin rights could disable protections or whitelist malicious files, weakening your overall endpoint security posture.
What Aether365 Checks
Aether365 verifies that the "Disable Local Admin Merge" policy is enabled in your tenant, preventing local administrators from overriding or modifying Microsoft Defender Antivirus exclusions. This check appears in your Aether365 dashboard under the Defender checks category.