Foundation - Windows LAPS (User)
Overview
The Devicie Windows LAPS (Local Administrator Password Solution) template provides configuration to ensure local administrator accounts are secured, following best-practice recommendations for Windows.
Intune Description:
LAPS best practices.
Scope:
This baseline should be applied to Users.
Policy Impact Areas:
When deployed, this policy will impact:
- Enforcing LAPS on Windows endpoints.
Deployment Notes
- Pre-Deployment Considerations:
  - LAPS must be enabled/prepared manually on the tenant. Refer to the Devicie Tenant Preparation article for further information.
- Post-Deployment Validation:
  - Verify the LAPS configuration, including the password length (15 characters) requirement.
Known Issues and Resolutions
- Issue 1: Enabling LAPS on the tenant prior to configuration deployment
  - Resolution: Follow the Devicie knowledge base article for guidance to ensure the tenant is correctly prepared.
Configuration Settings:
Name | Value |
Backup Directory | Backup the password to Azure AD only |
Password Age Days | 30 |
Password Complexity | Large letters + small letters + numbers + special characters (improved readability) |
Password Length | 15 |
Post Authentication Actions | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will be terminated. |
Post Authentication Reset Delay | 4 |
Devicie Template Name | LAPS |
Default Intune Deployed Name | DEVICIE-PROD-LAPS |
Version | 1.0 |
Template Last Updated | Nov 18, 2024 |
Document Last Updated: | Apr 10, 2025 |
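One way to carry out the Post-Deployment Validation step on an endpoint is to compare the applied policy with the Configuration Settings table above. This is an added example, not part of the Devicie template. It assumes the policy is delivered through the Windows LAPS CSP and stored under the registry key shown, and that the numeric encodings match Microsoft's LAPS CSP documentation; the function name `Test-LapsBaseline` is hypothetical.

```powershell
# Added example: checks the Windows LAPS policy values applied to this
# endpoint against the values in the Configuration Settings table.
# Assumption: Intune delivers the policy via the LAPS CSP, which Windows
# stores under this key. Run from an elevated PowerShell session.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'

# Expected values from the table; numeric encodings are assumed from
# Microsoft's LAPS CSP documentation.
$Expected = [ordered]@{
    BackupDirectory              = 1   # Backup the password to Azure AD only
    PasswordAgeDays              = 30
    PasswordComplexity           = 5   # large + small + numbers + specials (improved readability)
    PasswordLength               = 15
    PostAuthenticationActions    = 3   # Reset the password and logoff the managed account
    PostAuthenticationResetDelay = 4
}

function Test-LapsBaseline {
    param(
        [string]$Path = $PolicyKey,
        [System.Collections.IDictionary]$Baseline = $Expected
    )
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "LAPS policy key not found at $Path; the policy has not applied to this device."
        return
    }
    $actual = Get-ItemProperty -Path $Path
    foreach ($name in $Baseline.Keys) {
        # A value that is absent was never delivered and counts as non-compliant.
        $prop  = $actual.PSObject.Properties[$name]
        $value = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Baseline[$name]
            Actual    = if ($null -eq $value) { '<not set>' } else { $value }
            Compliant = ($null -ne $value) -and ($value -eq $Baseline[$name])
        }
    }
}

$results = @(Test-LapsBaseline)
$results | Format-Table -AutoSize
if ($results.Count -eq 0 -or ($results | Where-Object { -not $_.Compliant })) {
    Write-Warning 'Device does not match the LAPS baseline.'
} else {
    Write-Output 'Device matches the LAPS baseline.'
}
```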