Setup Windows LAPS in just 5 Minutes

Introduction

This tutorial provides a step-by-step guide to setting up Windows Local Administrator Password Solution (LAPS) in just five minutes. LAPS enhances security by managing local administrator passwords across multiple devices, making it crucial for organizations looking to improve their security posture. This guide will cover the necessary configurations within the Entra ID portal and Microsoft Intune portal.

Step 1: Access the Entra ID Portal

1. Open your web browser and navigate to the Entra ID portal.
2. Sign in using your administrative credentials.
3. Once logged in, locate the Security section in the left-hand menu.
4. Click on Authentication methods to start configuring LAPS.

Step 2: Configure LAPS in Entra ID

1. In the Authentication methods section, find Local Administrator Password Solution.
2. Enable LAPS by toggling the switch to the "On" position.
3. Set the parameters for password management, including:
   • Password Length: Choose a secure password length (recommended at least 12 characters).
   • Password Complexity: Ensure the password meets complexity requirements (use a mix of uppercase, lowercase, numbers, and symbols).
4. Save your settings to apply the changes.

Step 3: Access the Microsoft Intune Portal

1. Open a new tab and navigate to the Microsoft Intune portal.
2. Sign in with your administrative credentials.
3. In the Intune dashboard, go to Devices in the left menu.

Step 4: Create a LAPS Policy in Intune

1. Click on Configuration profiles.
2. Select Create profile.
3. Choose the platform as Windows 10 and later.
4. Select the profile type as Templates and then Local Administrator Password Solution.
5. Fill out the required fields for the policy, including:
   • Name: Give your policy a descriptive name.
   • Description: Provide additional details about the policy.
6. Assign the policy to the appropriate groups of devices.
7. Save and deploy the policy to enable LAPS on the selected devices.

Step 5: Verify LAPS Deployment

1. After deployment, monitor the devices to ensure the policy is applied.
2. Use the Device compliance section in Intune to check if devices are compliant with the LAPS policy.
3. You can also verify the status by checking the local administrator passwords on the devices to ensure they are being managed by LAPS.

Conclusion

You have successfully set up Windows LAPS to enhance your organization's security by managing local administrator passwords. This solution not only secures administrative access but also simplifies password management across devices. For further reading and detailed scenarios, check the Microsoft documentation provided in the video description. Consider migrating from any legacy LAPS solutions to fully leverage the capabilities of the new deployment for improved security.