It has been a long-awaited capability and has been in preview for quite some time.
In preparation for its general availability, Local Administrator Password Solution (LAPS) has been included in Windows – both client and server – thanks to the April updates (see https://t.co/8fpzOY7f7x).
Well, good news: LAPS is now generally available – even if I personally still recommend the use of the Azure AD Joined Device Local Administrator administration role.
To start using LAPS, you need to create an Intune configuration profile: connect to your Intune portal (https://intune.microsoft.com/), open the Endpoint Security\Account protection blade and use the new Local admin password solution profile type.
Then you can configure your LAPS settings; in particular, you define where the local admin password is saved (Azure AD or Active Directory – it can’t be both).
Next, enable the Local administrator settings, either from the Azure AD portal (https://aad.portal.azure.com/) in the Azure Active Directory\Devices\Device Settings blade, or from the Entra portal (https://entra.microsoft.com/) in the Devices\All devices\Device Settings blade.
Once everything is in place and the configuration profile has been applied to your devices, you will be able to retrieve the local administrator password from either Azure AD or Active Directory (depending on the target defined in the profile).
To retrieve the password from Azure AD, connect to your Azure AD or Entra portal, open the Devices blade and locate the device whose local administrator password you want to retrieve; the password is available from the Local administrator password recovery blade of the device.
You can also recover the password from the Local administrator recovery blade available under the All devices blade; this view lists all devices which have the profile applied.
The last option to recover the local administrator password is the Intune portal, from the device properties blade.
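The same retrieval can be scripted with the cmdlets of the Windows LAPS PowerShell module, which also lets you confirm that a password has been backed up without displaying it. This is an added example, not part of the original post: the function name `Get-EscrowedLapsInfo`, its parameters and the device name are hypothetical, and the Azure AD branch assumes the Microsoft Graph PowerShell module is installed.

```powershell
# Added example. Get-EscrowedLapsInfo, -Target and -Reveal are hypothetical names.
function Get-EscrowedLapsInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DeviceName,
        # Must match the backup target chosen in the Intune profile (it can't be both).
        [Parameter(Mandatory)] [ValidateSet('AzureAD', 'ActiveDirectory')] [string] $Target,
        # Without -Reveal no clear-text password is returned.
        [switch] $Reveal
    )

    if (-not (Get-Command Get-LapsAADPassword -ErrorAction SilentlyContinue)) {
        throw 'Windows LAPS cmdlets not found; this machine needs the update that added LAPS to Windows.'
    }

    switch ($Target) {
        'AzureAD' {
            if (-not (Get-Command Connect-MgGraph -ErrorAction SilentlyContinue)) {
                throw 'Microsoft Graph PowerShell module is required for the Azure AD target.'
            }
            # Least privilege: metadata needs only ReadBasic, the password needs Read.All.
            $credScope = if ($Reveal) { 'DeviceLocalCredential.Read.All' }
                         else         { 'DeviceLocalCredential.ReadBasic.All' }
            Connect-MgGraph -Scopes 'Device.Read.All', $credScope | Out-Null

            if ($Reveal) {
                Get-LapsAADPassword -DeviceIds $DeviceName -IncludePasswords -AsPlainText
            }
            else {
                # Returns the device and password expiration time only.
                Get-LapsAADPassword -DeviceIds $DeviceName
            }
        }
        'ActiveDirectory' {
            if ($Reveal) {
                Get-LapsADPassword -Identity $DeviceName -AsPlainText
            }
            else {
                # The password comes back as a SecureString, not clear text.
                Get-LapsADPassword -Identity $DeviceName
            }
        }
    }
}

# Check that a password is escrowed and when it expires ('PC-EXAMPLE-01' is a constructed name):
Get-EscrowedLapsInfo -DeviceName 'PC-EXAMPLE-01' -Target AzureAD
```

Add `-Reveal` only when the password is actually needed, since every clear-text read should be attributable to an administrator with a reason to make it.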