All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromising security because of some jokes from the 90s
These events are correlated against other actions that might have happened on the same system or other systems that the user had logged onto prior to this one.
Even if it's not the same user, the events are still correlated and alerted upon if suspicous. (both individually and holistically)
If users are using microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.
Last i heard the "state actors" had access to AD master credentials.