Add LAPS support into Intune
Add Microsoft Local Administrator Password Solution into Intune
David Johnson commented
We are moving from hybrid to Azure AD but rely heavily on password rotation for device support and remediation and security. How do we go completely cloud if this is a required part of our model without 3rd party tools?
Al Schneiter commented
@tomas garraty, I guess it makes more sense for MDM enrolled devices. An only Azure AD Joined device is not managed and therefore no policies or profiles are applied
Thomas Garrity commented
I don't think this belongs in the Intune user voice. This should be in the Azure AD user voice. Intune is only for MDM-enrolled devices. Should be able to manage LAPS for Azure AD joined devices, no matter if they are MDM enrolled or not.
LAPS for Intune would be great. Or something similar...
Synergix SEVA ( Secrets Vault ) is the offering that supports password rotation you're looking for.
* SEVA software is FREE for EDU and NFP when managing the local administrator account password on Azure AD joined computers.
Nothing from Microsoft was announced during MS Ignite 2019.
James Read commented
What is the status of LAPS with Intune?
Matthias Multerer commented
LAPS for AAD was announced at Ignite 2018 (Session BRK3037), is still in development and planned for 2020 (without any warranty).
Dan Bennett commented
As MS Ignite 2019 is going on now and this (LAPS on Intune) was announced at Ignite in 2018... I wonder what the status is now?
Will be nice
Olívio Moura commented
Please add a intune functionality that allows management of local admin accounts of the intune computers and its password.
dan anderson commented
azure allows admin group users to be local admins, without the local admin... eliminates the need for local admin password. only issues would be if the computer was disconnected, and previously unregistered admin tried to login.
Available here realmjoin.com
Synergix Secrets Vault for EDU.
1. Secrets Vault 2019 Version free license for Edu ; no limit on count of computers !
2. Works, Installing on 40,000 Azure AD and On Prem joined computer in a school district !!!
One solution for all cases
- Windows 7.0 and above
- Windows Server 2008 R2 and above
- Azure AD, On Prem AD, Workgroup computer
- Cloud provider agnostic ; works with Amazon Cloud, Google Cloud, IBM Cloud and more
- Fully supported product, with regular updates coming with enhancements and new features.
LAPS Alternative commented
Synergix Secrets Vault for EDU.
Password-Rotation-As-a-Service. Alternative to LAPS for Azure
**** Free* subscription for Edu Only ***.
1. Azure AD Joined Windows 10 computers
2. On Premises AD Joined Windows 7.0 SP1, Windows 8.x, Windows 10 +
Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 supported !Software supports 3 local accounts
1. Built-In Administrator ( S-500 )
2. Alternate Administrator
3. Local UserPlus 1. Hardware and Software Inventory Reporting
3. Security Event Forwarding
* Limited Time offer on Secrets Vault 2019
Until Microsoft comes up with Local Admin Password Solution ( LAPS ) for Azure AD, here's one that is Azure AD Hybrid joined ready already !!
Please add LAPS in intune.
Any ETA would be awesome! Really want this!
Matthew Frahm commented
That's great to hear, jseerden. Is there an ETA for this function?
I wrote a Serverless approach a while ago using Intune PowerShell Scripts, Azure Functions and Azure Key Vault @ https://www.srdn.io/2018/09/serverless-laps-powered-by-microsoft-intune-azure-functions-and-azure-key-vault/
Microsoft has also announced that this is on the roadmap during Microsoft Ignite: