Azure AD / Intune – Local Administrator Password Solution is now generally available

It has been a long awaited capability and has been in preview for quite some time.

In preparation for its general availability, Local Administrator Password Solution (LAPS) has been included in Windows – both client and server – thanks to the April updates (see https://t.co/8fpzOY7f7x).

Well, good news as LAPS is now generally available – even if I personally still recommend the use of the Azure AD Joined Device Local Administrator administration role.

To start using LAPS, you need to create an Intune configuration profile by connecting to your Intune portal (https://intune.microsoft.com/) and then access the Endpoint Security\Account protection blade and use the new Local admin password solution profile type

image

Then you can configure your LAPS settings; you can define where the local admin password is being saved (Azure AD or Active Directory – it can’t be both)

image

Then you need to connect to your Azure AD portal (https://aad.portal.azure.com/) to access the Azure Active Directory\Devices\Device Settings blade or Entra portal (https://entra.microsoft.com/) to access the Devices\All devices\Device Settings blade to enable the Local administrator settings

image  image

Once everything is in place and the configuration profile applied to your devices, you will be able to retrieve the local administrator password from either Azure AD or Active Directory (depending of the target define in the profile).

To retrieve the password from Azure AD, connect to your Azure AD or Entra portal to access the Devices blade to locate the device you want to retrieve the local administrator password which will be available from the Local administrator password recovery blade of the device

image

You can also recover the password from the Local administrator recovery blade available under the All devices blade; this way to recover allows you to view all devices which have the profile applied

image

Last option to recover the local administrator password is from the Intune portal by accessing the device properties blade

image

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.