Introduction
Microsoft continues its commitment to enhancing IT security with the evolution of Microsoft LAPS, now presented as the new and improved Windows LAPS (Local Administrator Password Solution). This revamped solution is designed to fortify the security of local administrator accounts across a range of Windows devices. Because it is natively integrated into Windows, there is no longer a need for external installations. Furthermore, its compatibility with Entra ID (formerly known as Azure Active Directory) offers benefits such as password retrieval via Microsoft Graph, Entra ID RBAC policies, and Intune management. Enhanced features for on-premises Active Directory scenarios further extend its capabilities.
Windows LAPS is now available for the following Windows editions:
- Windows 11 Pro, EDU, and Enterprise
- Windows 10 Pro, EDU, and Enterprise
- Windows Server 2022 and Windows Server Core 2022
- Windows Server 2019
So, what’s new with Windows LAPS? Here are some of the key updates:
- Natively Integrated into Windows: No more need to install an external MSI package. Future fixes or feature updates will be delivered via the standard Windows patching process.
- Microsoft Entra ID Support: Windows LAPS now works in conjunction with Entra ID, offering benefits such as password retrieval via Microsoft Graph, Azure RBAC policies, and Intune management.
- New Capabilities for On-Premises Active Directory Scenarios: With features like password encryption, password history, and Directory Services Restore Mode (DSRM) password backups, on-premises AD users get a significant security boost.
- Rich Policy Management for Entra ID and On-Premises AD: Enjoy advanced policy management through Group Policy and Configuration Service Provider (CSP).
- Additional Features: Windows LAPS now comes with a dedicated event log, an improved PowerShell module, and support for hybrid-joined devices.
With these updates, Windows LAPS offers a comprehensive solution for securing your local administrator accounts, whether you’re using Entra ID or on-premises Active Directory. We highly recommend adopting these new features to benefit from the enhanced security measures.
Start using Windows LAPS in your existing deployment today and strengthen your security posture.
Error message after the April Patch Tuesday
Recommended Reading
- Tracking Windows LAPS Activity with Sentinel through Event ID 4662 – Kaido Järvemets (kaidojarvemets.com)
- Monitoring Windows LAPS Deployment with Azure Workbook – Kaido Järvemets (kaidojarvemets.com)
- Your Ultimate Guide to Windows Local Administrator Password Solution (LAPS) – Kaido Järvemets (kaidojarvemets.com)
- KQL Queries for Windows LAPS Migration – Kaido Järvemets (kaidojarvemets.com)
- Monitor Windows LAPS Events with Microsoft Sentinel – Kaido Järvemets (kaidojarvemets.com)
- How to Update the Windows Server Active Directory Schema for the Latest Version of Windows LAPS – Kaido Järvemets (kaidojarvemets.com)
- Windows LAPS – New Group Policy Settings – Kaido Järvemets (kaidojarvemets.com)
- Windows LAPS EventIDs and XPath Queries – Kaido Järvemets (kaidojarvemets.com)
- Windows LAPS PowerShell Commands – Kaido Järvemets (kaidojarvemets.com)