About three weeks ago, Microsoft announced the availability of Windows LAPS (Local Administrator Password Solution) capabilities through Patch Tuesday. The feature is available on Windows 10, Windows 11 and Servers. At the time, Microsoft didn’t share many details on the new LAPS, but today it went into depth on how Microsoft Intune can be used for local password management.
Atıl Gürcan, a senior program manager for Microsoft 365 CxP (Customer Experience Platform), writes in a Tech Community blog post:
As you may have heard, the Windows LAPS feature has been released for public preview in the last week of April. It supports two main scenarios for backing up local administrator passwords, such as storing passwords in Azure AD and Windows Server AD. It also has interoperability with legacy LAPS solutions. On the other hand, this article will focus on local cloud deployments for Windows 10/11 clients that do not have a legacy LAPS client installed, managed by Intune and either Hybrid Azure AD Joined or Azure AD Joined.
In this blog post, I will walk you through basic policy configuration and basic features of Windows LAPS such as accessing local administrator passwords from different consoles and manually triggering password rotation.
The walkthrough covers:
Enabling the Azure AD local administrator password feature
Creating a Local Admin Password Policy
Application of monitoring policy
Accessing local admin passwords
You can see the guide article on Microsoft’s official website.
In related news, Microsoft confirmed interoperability issues with legacy LAPS. When legacy LAPS (the MSI package) is installed on machines with the latest Patch Tuesday updates, both legacy LAPS and the newer Windows LAPS are broken. As promised, Microsoft announced that it has fixed these issues with the latest Windows 11 non-security preview updates. The fix is available for both Windows 11 21H2 (KB5025298) and Windows 11 22H2 (KB5025305).