In Part I of our blog Simplifying Windows LAPS Configuration with Intune, we talked about the necessary pre-requisites, and went over the first part in our comprehensive approach to enhancing local administrator account management.
Now, let’s embark on the second stage of our implementation journey - Enabling and Configuring Windows LAPS (Local Administrator Password Solution).
In this crucial step, we dive into the configuration settings and options, unleashing the power of Windows LAPS to enhance the security and management of local administrator passwords. By taking advantage of this robust solution, you'll fortify your organization's defenses and streamline password administration.
This Part 2 is further divided into 3 steps that need to be performed to set up Windows LAPS in your Intune environment:
Enable LAPS for your Tenant
Enable Password Management via Configuration Profile
Go to Microsoft Intune admin center.
Navigate to Devices > Windows > Configuration Profiles.
Click on Create profile. Platform: Windows 10 or later. Profile type: Settings Catalog.
Policy Configuration Settings
Basics
Name: LAPS – Enable Password Management
Description: This policy enables password management for Windows LAPS. (Change it as per your requirement)
Configuration Settings
Search and Enable: Accounts Enable Administrator Account Status (Optional)
Note | Only Enable the above Accounts Enable Administrator Account Status setting if you are using your default administrator account as local administrator.
Verification of the implementation
Now that the configuration has been implemented, it's time to validate the effectiveness of our setup by verifying our ability to retrieve passwords from Intune. This step ensures that our implementation is functioning as intended and that we can successfully access the passwords associated with the local administrator accounts. Let's proceed with the verification process and ensure that all the pieces of our configuration puzzle are securely in place.
Intune
To fetch the password via the Intune portal, follow the steps below:
Alternatively, you can also retrieve the password from the Azure Portal by following the steps below:
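A scripted complement to the portal checks above, added here as an example and not part of the original post: it confirms that each device has a LAPS password backed up to Azure AD and flags entries whose expiration has passed, without ever displaying a password. It assumes the Windows LAPS PowerShell module (`Get-LapsAADPassword`) and the Microsoft Graph PowerShell SDK are installed and that the signed-in account can consent to the scopes shown; the device names are constructed placeholders.

```powershell
# Added example: audit Windows LAPS backup status in Azure AD (Entra ID)
# without displaying any password. Device names are constructed placeholders.
param(
    [string[]]$DeviceNames = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')
)

# Metadata-only scopes: enough to see that a backup exists and when it expires,
# but not enough to read the password itself (least privilege for an audit).
Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceLocalCredential.ReadBasic.All' | Out-Null

$nowUtc = [DateTime]::UtcNow
$report = foreach ($name in $DeviceNames) {
    $status = 'NoBackup'; $expires = $null; $detail = ''
    try {
        # Without -IncludePasswords the cmdlet returns metadata only.
        $entry = Get-LapsAADPassword -DeviceIds $name -ErrorAction Stop
        if ($entry) {
            $expires = $entry.PasswordExpirationTime
            # An expiry in the past means the device has not rotated on schedule,
            # e.g. the policy never applied or the device stopped checking in.
            # Assumption: an unspecified DateTime kind is treated as local time.
            $status = if ($expires.ToUniversalTime() -lt $nowUtc) { 'Expired' } else { 'OK' }
        }
    }
    catch {
        # Covers devices with no stored credential as well as permission errors.
        $status = 'LookupFailed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Device                 = $name
        Status                 = $status
        PasswordExpirationTime = $expires
        Detail                 = $detail
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled job or pipeline alert on gaps in coverage.
if (@($report | Where-Object Status -ne 'OK').Count -gt 0) { exit 1 }
```

Reading the password itself requires the broader `DeviceLocalCredential.Read.All` scope together with the `-IncludePasswords` switch, so keep that permission separate from the account used for this audit.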
Conclusion
We have now explored the step-by-step process of configuring Windows LAPS (Local Administrator Password Solution) with Intune. By completing the prerequisites, deploying local admin accounts, and enabling Windows LAPS, you have fortified security and streamlined password management across devices. With the ability to retrieve passwords from Intune and Azure AD, you now have full control over local administrator accounts.
We encourage you to share your experience or ask any questions you may have. Thank you for joining us on this implementation journey, and may your administrative practices be secure and efficient.