79. How to configure Windows LAPS in Microsoft Intune | Azure AD

Published on Aug 11, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial will guide you through the process of configuring Windows Local Administrator Password Solution (LAPS) in Microsoft Intune for Azure Active Directory. By following these steps, you'll enable secure management of local administrator passwords on Windows devices, enhancing security and compliance within your organization.

Step 1: Access Microsoft Intune

  • Log in to the Microsoft Endpoint Manager admin center.
  • Navigate to Devices in the left-hand menu.
  • Select Windows under the Platform section.

Step 2: Create a New Configuration Profile

  • Click on Configuration profiles.
  • Select Create profile.
  • Choose the following options:
    • Platform: Windows 10 and later
    • Profile type: Templates
    • Template: Local administrator password solution

Step 3: Configure LAPS Settings

  • In the Basics tab:
    • Enter a name for the profile (e.g., "LAPS Configuration").
    • Provide a description for easier identification.
  • Move to the Configuration settings tab:
    • Turn on the Enable LAPS option.
    • Configure the following settings:
      • Password length: Set a minimum length for the passwords.
      • Password complexity: Choose the desired complexity requirements.
      • Expiration: Specify how often the password should change.
  • Review and adjust any additional settings according to your organization's policy.

Step 4: Assign the Configuration Profile

  • Navigate to the Assignments tab.
  • Choose the groups you want to assign the LAPS profile to:
    • You can select All users, All devices, or specific groups.
  • Confirm your selections and click Next.

Step 5: Review and Create the Profile

  • Review all configurations in the Review + create tab.
  • Ensure all settings are correct and click Create to deploy the profile.

Step 6: Monitor Deployment Status

  • After creation, go back to Configuration profiles.
  • Select your newly created profile to check the status of the deployment.
  • Monitor the Device status and User status to ensure that the profile is applied successfully.
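
A device-side check to complement the portal status in Step 6, added here as an example and not part of the original tutorial. It assumes the profile is delivered through the Windows LAPS CSP, which stores policy under `HKLM:\SOFTWARE\Microsoft\Policies\LAPS`; the helper name `Test-LapsPolicy` and the 14-character / 30-day baseline are constructed for illustration.

```powershell
# Added example: confirm on a targeted device that the Intune LAPS policy arrived.
# Run from an elevated PowerShell session.

# Assumption: policy is delivered via the Windows LAPS CSP, which stores it here.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'
# Constructed baseline for this example; replace with your organization's values.
$MinLength  = 14
$MaxAgeDays = 30

function Test-LapsPolicy {   # hypothetical helper name
    param([string]$Path = $PolicyKey)

    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ PolicyKeyPresent = $false; Findings = @("No policy at $Path") }
    }
    $p = Get-ItemProperty -Path $Path
    $findings = @()

    # BackupDirectory: 0 = disabled, 1 = Azure AD, 2 = on-premises Active Directory
    if ($null -eq $p.BackupDirectory -or $p.BackupDirectory -eq 0) {
        $findings += 'BackupDirectory is unset or 0: the password is not being backed up'
    } elseif ($p.BackupDirectory -ne 1) {
        $findings += "BackupDirectory is $($p.BackupDirectory), expected 1 (Azure AD)"
    }
    # A value absent from the key means the Windows default applies, so only
    # flag values that are present and weaker than the baseline.
    if ($null -ne $p.PasswordLength -and $p.PasswordLength -lt $MinLength) {
        $findings += "PasswordLength $($p.PasswordLength) is below $MinLength"
    }
    if ($null -ne $p.PasswordAgeDays -and $p.PasswordAgeDays -gt $MaxAgeDays) {
        $findings += "PasswordAgeDays $($p.PasswordAgeDays) exceeds $MaxAgeDays"
    }
    [pscustomobject]@{ PolicyKeyPresent = $true; Findings = $findings }
}

Test-LapsPolicy | Format-List

# Warnings and errors from the Windows LAPS operational log (Level 2 = error, 3 = warning).
Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -in 2, 3 } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

An empty `Findings` list together with no warnings or errors in the log indicates the device received the policy and is processing it without reported problems.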

Conclusion

By following these steps, you’ve successfully configured Windows LAPS in Microsoft Intune for Azure Active Directory. Implementing LAPS helps secure local administrator accounts and mitigate potential security risks. For further action, consider monitoring the effectiveness of LAPS and reviewing password policies regularly to ensure compliance and security standards are met.