Overview
Windows LAPS (Local Administrator Password Solution) is a cloud-based solution that helps organizations manage the passwords of local administrator accounts on Windows devices that are enrolled in Microsoft Intune. Cloud LAPS stores the passwords of local administrator accounts in Microsoft Entra ID, and it provides administrators with a secure way to view, reset, and rotate these passwords.
In this article we will walk you through how to obtain and rotate the LAPS password for a device using Microsoft Intune.
Access level (role) required to obtain LAPS password from Intune
To obtain the LAPS password from Intune, you must be a member of the following role:
- Intune Service Administrator
- Intune Device Administrator
- Intune Security Administrator
How to obtain Windows LAPS password using Intune
To obtain the LAPS password for a Windows device using Intune, you need to do the following:
- In the Intune Admin Center, go to Devices > All devices.
- Select the device that you want to obtain the password for.
- In the Overview pane, click LAPS.
- In the Local Administrator Password section, click View Password.
- The LAPS password for the device will be displayed in the Password field.
How to manually rotate LAPS password using Intune
To manually rotate the password of the local administrator account on a Windows device using Intune, you need to do the following:
- In the Intune Admin Center, go to Devices > All devices.
- Select the device that you want to rotate the password for.
- In the Overview pane, click LAPS.
- In the Local Administrator Password section, click Rotate Password.
- In the Confirm Password Rotation dialog box, enter the new password for the local administrator account and click Rotate Password.
The new password for the local administrator account will be stored in Microsoft Entra ID and will be available to administrators in the Intune Admin Center.