My company switched from separate admin accounts to giving everyone admin permissions on their user account because that's what microsoft recommends.

I can't wait until this shit collapses over their heads. We also recently got some phishing mails that spoofed microsoft.com as the sender and got through all the microsoft security, I stopped one of my colleagues from clicking on it.

After reporting that, I was told some generic "yes, that's a phishing mail. Good job spotting it, now delete it and don't click any links". No one even wondered how the spammers could spoof microsoft.com.