It depends. Where I live, this usually doesn't seem to be an issue for some reason. I guess IT administrators don't really know how powerful a screen reader is. Just to give you an idea, it would be trivial for anyone with basic Python experience to weaponize NVDA into a key logger and a screen scraping spyware, without admin rights, and no antivirus would complain.
In the US, this seems to be much more of a concern, so JAWS is often a requirement in big corp / government.
IIRC, accessibility hooks in Windows are very, very low level. Thus they bypass most security policies. Also IIRC, there’s been multiple “wontfix” “0-days” abusing those hooks and fixing them would basically brick Windows for people using accessibility tools.
My experience with corporate IT has been that they're not great at, or under resourced for, any outside-the-box situation.
But since accessibility software is a legal requirement, at least in the US, I'm curious if that breaks the tendency to inaction.