Microsoft offers two relatively recent approaches to limiting authority delegations: Just Enough Administration and just-in-time (JIT) administration.
In many administrative situations, a user performs a small number of tasks that would traditionally require a high level of privilege. The user ends up with far more privileges than they need to complete the job.
Windows Server 2016 allows connections over PowerShell Direct, secure file copies between Just Enough Administration points and a Just Enough Administration mode for PowerShell consoles.
JIT administration lets a user request elevated privileges to perform certain tasks. JIT is complementary to Just Enough Administration -- IT organizations can use them individually or together as JitJea.
JIT relies on privileged identity management and privileged access management. When the administrator approves a user request, JIT applies privileges through a new bastion forest that is isolated from common applications or user forests. It automatically revokes privileges when the user completes the work or the allotted time expires.