Another department in the corporation is probably accessing PII, so corporate IT installed the security software on every Windows PC. Special cases cost money to manage, so centrally managed PCs are all treated the same.

Anything that touches other systems is a risk and needs to be properly monitored and secured.

I had a lot of reservations about companies installing Crowdstrike but I'm baffled by the lack of security awareness in many comments here. So they do really seem necessary.

It must be security tags on the lift which restrict entry to authorised staff.

who's allowed to use the lift? where do those keycards authenticate to?