Is any of the below approaches better and more secure than the other for RDP sessions?
1) Configuring a personal privileged account for each administrator (ex: tom-admin), and adding the account to the assets local admin group. Then configuring a policy in Safeguard allowing the administrator to login using his normal account (ex: tom) to request the privileged session configured with his personal admin account.
2) Configuring a common admin account (ex: pam-admin) and administrators should login to PAM using their admin accounts (ex: tom-admin, john-admin..) and requesting the privileged session configured with the common admin account on the asset?
In both cases MFA is configured and the account password is changed after check-in.