They did login on a global admin account and wiped devices via whatever turd technology is used currently to have complete control over your employee's devices centrally.

Central control over everything gives you central way to shoot yourself in the foot. Duh. Don't be a control freak company maybe, or if you are, have 2FA on your admin's accounts.

"Nation state" my ass.

They also demonstrated that one rogue admin could have deleted the entire company in like one evening, too, if he felt bad enough.

Well, they also relied on this company to protect them, so...

https://www.bleepingcomputer.com/news/security/microsoft-ent...