[ad_1]
Today we’re excited to announce the general availability of Windows Local Administrator Password Solution (LAPS) with Microsoft Entra ID and Microsoft Intune. This capability is available for both Microsoft Entra joined and Microsoft Entra hybrid joined devices. It empowers every organization to protect and secure their local administrator account on Windows and mitigate any Pass-the-Hash (PtH) and lateral traversal type of attacks.
Since our public preview announcement in April 2023, we’ve continued to see significant growth in deployment and usage of Windows LAPS across thousands of customers and millions of devices. Thank you!
This feature is available on the following Windows OS platforms with the April 11, 2023, or later Windows Updates installed:
- Windows 11 22H2
- Windows 11 21H2
- Windows 10 20H2, 21H2 and 22H2
- Windows Server 2022
- Windows Server 2019
To manage client-side configuration for Windows LAPS, you can use:
We’re continuing to add support for more features based on customer feedback. Today, you can enable the following:
- Turn on Windows LAPS using a tenant-wide policy and a client-side policy to backup local administrator password to Microsoft Entra ID.
- Configure client-side policies via Microsoft Intune portal for local administrator password management to set account name, password age, length, complexity, manual password reset and so on.
- Recover stored passwords via Microsoft Entra/Microsoft Intune portal or Microsoft Graph API/PSH.
- Enumerate all LAPS-enabled devices via Microsoft Entra portal or Microsoft Graph API/PSH.
- Create Microsoft Entra ID role-based access control (RBAC) policies with custom roles and administrative units for authorization of password recovery.
- View audit logs via Microsoft Entra portal or Microsoft Graph API/PSH to monitor password update and retrieval events.
- Configure Conditional Access policies on directory roles that have the authorization of password recovery.
Features on the roadmap:
- Automatic local administrator account creation when configured for Windows LAPS.
- Device notifying Microsoft Entra ID when local administrator password is used for authentication.
- JIT enabled self-service local administrator password recovery for a device owner.
As always, we’d love to hear your feedback, thoughts, and suggestions! Feel free to share with us on the Microsoft Entra ID forum or leave comments below. We look forward to hearing from you.
Best regards,
Sandeep Deo (@MsftSandeep)
Principal Product Manager
Microsoft Identity Division
Learn more about Microsoft Entra:
[ad_2]
Source link