The 2020 Microsoft Vulnerabilities Report compiles every Microsoft security bulletin for the previous 12 months and analyses the trends. Thanks to The Register you can see the full report here, but a key headline is that 77% of all the Critical vulnerabilities could have been mitigated by removing admin rights.
Larger organisations tend to do this anyway, but smaller organisations often don’t bother and use a single account, with admin rights, for everyday work. Changing this can make your devices 4 times more resilient to cyber attacks from Microsoft vulnerabilities.
Don’t make these sorts of changes without talking with your IT support provider, but the approach is to create 2 accounts on each device. One is the account you normally sign in to and use for day-to-day work, and it does not have admin rights. A separate account has admin rights and is used when installing or updating software and patches.
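One way the two-account split described above could be scripted on a standalone Windows device with local accounts, as an added example rather than anything from the report or this post. The account names `alice` and `alice-admin` are hypothetical, and it assumes an elevated PowerShell session; devices joined to a domain are usually managed centrally instead.

```powershell
#Requires -RunAsAdministrator
# Added example: splits one everyday admin account into a standard account
# plus a separate admin account. Both account names are hypothetical.
param(
    [string]$DailyUser = 'alice',        # hypothetical: day-to-day sign-in
    [string]$AdminUser = 'alice-admin'   # hypothetical: installs and patching
)
$ErrorActionPreference = 'Stop'
$AdminsSid = 'S-1-5-32-544'   # built-in Administrators (well-known SID)
$UsersSid  = 'S-1-5-32-545'   # built-in Users (well-known SID)

function Test-Member([string]$GroupSid, [string]$Name) {
    # True when $Name is already a direct member of the group.
    [bool](Get-LocalGroupMember -SID $GroupSid -Member $Name -ErrorAction SilentlyContinue)
}

# 1. Audit: record who holds admin rights before changing anything.
Write-Host 'Administrators before the change:'
Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { Write-Host "  $($_.Name)" }

# 2. Create the separate admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "New password for $AdminUser"
    New-LocalUser -Name $AdminUser -Password $password -Description 'Software installs and patching' | Out-Null
}
if (-not (Test-Member $AdminsSid $AdminUser)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminUser
}

# 3. Safety check: never demote the daily account unless the new admin
#    account is enabled and really is in Administrators.
if (-not (Get-LocalUser -Name $AdminUser).Enabled -or -not (Test-Member $AdminsSid $AdminUser)) {
    throw "$AdminUser is not a working admin account; leaving $DailyUser unchanged."
}

# 4. Keep the daily account as a standard user, then remove its admin rights.
if (-not (Test-Member $UsersSid $DailyUser)) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUser
}
if (Test-Member $AdminsSid $DailyUser) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser
}

Write-Host 'Administrators after the change:'
Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { Write-Host "  $($_.Name)" }
```

The daily account's reduced rights apply from its next sign-in.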
In practice, it’s very easy to use such a configuration, and that’s one reason our devices have followed this standard for a long time now. It’s also a key compliance point for Cyber Essentials.