BOOST Your Microsoft 365 Security with LAPS in Intune

I literally just implemented this in our organization last week! Nice to have a way to still provide admin in offbeat scenarios (e.g., device has no network/internet access and perhaps the fix is a situation that requires privilege elevation). Also makes auditors happy that I can say the password is different for every device and can be rotated. Great stuff, Johnathan!

robertneal

Thank you! This very clearly showed me what I was failing to understand in LAPS!

htrumbull

@5:17 "Note if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting won't cause the account to be created."

jnjnjnjnjnjn

Hi Jonathan, your demonstration is very neat especially the introduction is really amazing. It so easy to follow.

oninx

Thank you Jonathan, very helpful video as always. I will like to add that you will also need to push a configuration policy to enable the local admin.

ccotsios

very helpful video! Also I appreciated the less "whoosh" sounds with the animations. They freak out my dog (totally not your problem but it was very much appreciated)

Joshawa

I am currently implementing laps in my environment (in testing phase). I am wondering if there is a way in intune to monitor its usage. We don’t currently have a SIEM. I noticed it doesn’t seem to show under audit logs or sign in logs. Love your videos! Thanks man! 😊

JoeyGero

Thanks Jonathan! We'll be completing a migration from on-prem AD to Entra/M365 in the next few weeks and so many of your videos are proving invaluable as we prepare for the move. Please keep them coming!

AdamskiHamski

Quality content. Easy to follow and covers all of the required points.

lx

Really it's amazing video Jonathan I truly appreciate your effort on this contents 🤟

shanukacloud

This was an excellent explanation. The best I have seen by some margin!

networkn

another amazing video - I learned some stuff.

Hi, very easy explanation Kindly help how can add group or user to only view the administrator password

videozaheer

Super Helpful - Thanks Jonathan!

The passwords LAPS creates are pretty crazy and hard to type in.. using copy and paste would be useful for Elevated UAC prompts, but looks like windows doesn't allow you to paste in the UAC window - any ideas?

mredark

Thank you Jonathan, very nice video!!!
Some advice if i may Jonathan, in case you implement Laps. You need to be careful if you apply this to all devices. Let me explain. I had a case with a customer, who was using the Local Administrator account on some servers to run certain services. You can imagine what happened when all the passwords changed! :)
Make sure to identify any dependencies on local admin credentials before rolling it out, especially for critical services.

lefterispapadopoulos

Great video and thank you!
Just one question: if the LAPS policy also works for Cloud PC? I already have on Cloud PC provisioned but it doesn't have local admin password yet. Once I create a LAPS policy (and assign it to my Cloud PC group), will it generate a local admin and password for my Cloud PC?

HarryQ-gt

Hello, great video. What if LAPS password not showing on the select device? It's not greyed out, it's just not there.

michelfernandez

Love this. Do you have a video for enabling Bitlocker automatically within Intune?

chriso

I implemented this to my office environment, thanks for your help. I do have 4 servers that i had on my old GPO for LAPS, question, can i implement Intune LAPS to my servers? If so how or where can i find the documentation? TIA

pudatoo

Great video!
one qastion:
when we have the local admin password un the intune- is there a way or workflow to share it to a user?
Let's say that the user needs to install app and needs Admin privilege- what will happen then?

shyuuval