Windows LAPS (Local Administrator Password Solution)

Overview

Windows LAPS (Local Administrator Password Solution) is a cloud-based solution that helps organizations manage the passwords of local administrator accounts on Windows devices that are enrolled in Microsoft Intune. Windows LAPS stores the passwords of local administrator accounts in Entra ID, and it provides administrators with a secure way to view, reset, and rotate these passwords.

You can learn more about Windows LAPS below:

Get started with Windows LAPS and Entra ID

Requirements

To use Windows LAPS, you need the following:

Benefits

Windows LAPS provides the following benefits:

  • Centralized management of local administrator passwords.
  • Improved security of Windows devices.
  • Easy to use and deploy.

Steps

To enable Windows LAPS on Intune, you need to do the following:

  1. In the Intune Admin Center, go to Devices > Configuration profiles > Create profile.
  2. Select the Windows 10 and later platform.
  3. In the Profile type list, select Custom.
  4. In the Settings section, expand Windows LAPS.
  5. Select the Enabled check box.
  6. In the Local Administrator Account section, configure the following settings:
    • Minimum password length
    • Maximum password age
    • Password complexity requirements
    • Password history
  7. Click Create.

Once you have enabled Windows LAPS, you can view, reset, and rotate the passwords of local administrator accounts from the Intune Admin Center.
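
One way to confirm on an enrolled device that the profile from the steps above has applied, as an added PowerShell example that is not part of the original page and is not Microsoft's code: it reads the Windows LAPS policy values from the registry, flags settings weaker than a baseline, and lists recent warnings and errors from the LAPS event log. The baseline thresholds are assumptions, and the function name Get-LapsPolicyFinding is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on an enrolled device.
# The key and value names are the Windows LAPS policy values written for MDM (CSP) policy.
$policyKey  = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'
$minLength  = 14   # assumed baseline, adjust to your own standard
$maxAgeDays = 30   # assumed baseline, adjust to your own standard

function Get-LapsPolicyFinding {
    param([psobject]$Policy, [int]$MinLength, [int]$MaxAgeDays)

    # 1 = back up to Entra ID, 2 = Active Directory, 0 or missing = account not managed
    if ($Policy.BackupDirectory -ne 1) {
        "BackupDirectory is '$($Policy.BackupDirectory)'; expected 1 (Entra ID)"
    }
    # A missing value means the Windows default applies, so only set values are judged
    if ($null -ne $Policy.PasswordLength -and $Policy.PasswordLength -lt $MinLength) {
        "PasswordLength $($Policy.PasswordLength) is below $MinLength"
    }
    if ($null -ne $Policy.PasswordAgeDays -and $Policy.PasswordAgeDays -gt $MaxAgeDays) {
        "PasswordAgeDays $($Policy.PasswordAgeDays) exceeds $MaxAgeDays"
    }
    # 4 = upper + lower + digits + special characters; lower values drop character classes
    if ($null -ne $Policy.PasswordComplexity -and $Policy.PasswordComplexity -lt 4) {
        "PasswordComplexity $($Policy.PasswordComplexity) omits some character classes"
    }
}

if (-not (Test-Path $policyKey)) {
    Write-Warning "No LAPS policy under $policyKey; the profile has not applied to this device."
} else {
    $policy   = Get-ItemProperty -Path $policyKey
    $findings = @(Get-LapsPolicyFinding -Policy $policy -MinLength $minLength -MaxAgeDays $maxAgeDays)

    if ($findings.Count -eq 0) {
        'LAPS policy is present and within the assumed baseline.'
    } else {
        $findings | ForEach-Object { Write-Warning $_ }
    }

    # Recent problems reported by the LAPS client (Level 2 = Error, 3 = Warning)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-LAPS/Operational'; Level = 2, 3 } `
        -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}
```

An empty event list together with no warnings means the device has received the policy and the LAPS client has logged no recent errors or warnings.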

Things to be aware of

When using Windows LAPS, there are a few things to be aware of:

  • Windows LAPS does not store the actual passwords of local administrator accounts in Entra ID. Instead, it stores a secure hash of these passwords.
  • Windows LAPS is not a replacement for strong security practices. You should still use strong passwords for local administrator accounts and other accounts on your Windows devices.
  • Windows LAPS is not a silver bullet. It is a tool that can help you to improve the security of your Windows devices, but it is not a guarantee that your devices will be secure.

If you are looking for a way to improve the security of your organization's Windows devices, then Windows LAPS is a great option. It is easy to use, deploy, and manage, and it can help you to centralize the management of local administrator passwords.