@Nisk, Thanks for posting in Q&A. To remove the local admin permission, you can create "Local user group membership" profile under Endpoint security > Account protection, choose Add (Replace) action to replace current membership of local administrators group or choose Remove (Update) action to remove users from local administrators group. Here is a link with more details:
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.