Welcome to the new and improved Windows LAPS! That's Local Administrator Password Solution. We've been listening to your feedback and requests, and the day is finally here for both cloud and on-premises environments.
We're very happy to announce that new LAPS capabilities are coming directly to your devices starting with today's April 11, 2023 security update for the following Windows editions:
Update (10.24.2023): The Microsoft Entra scenario for Windows LAPS is now generally available! See the Microsoft Entra Blog for details.
Have you ever wanted the ability to secure the local administrator accounts on your deployed Windows devices? Have you ever needed to recover a device and wished you could log in with a local administrator account? And what about doing these tasks on Azure Active Directory-joined machines?
You might already be familiar with the existing Microsoft security product known as Local Administrator Password Solution (LAPS). LAPS has been available on the Microsoft Download Center for many years. It is used to manage the password of a specified local administrator account by regularly rotating the password and backing it up to Active Directory (AD). LAPS has proven itself to be an essential and robust building block for AD enterprise security on premises. We'll affectionately refer to this older LAPS product as "Legacy LAPS".
Windows LAPS is a huge improvement over Legacy LAPS in virtually every area. Let's talk about some of the exciting new capabilities that are included in this new Windows LAPS feature based on your feedback!
The feature is ready to go out-of-the-box. You no longer need to install an external MSI package! Any future fixes or feature updates will be delivered via the normal Windows patching processes.
Together with Microsoft Entra ID (formerly Azure AD), Windows LAPS offers the following benefits for managing passwords in the cloud:
Here's what you couldn't previously do with legacy LAPS, which is now available to you on premises:
Take advantage of rich policy management, rotating the Windows LAPS account password in Intune, dedicated event log, new PowerShell module, and hybrid-joined support.
We encourage you to start using the new Windows LAPS feature in your existing deployment with the April 11, 2023 update. You may consider getting started first by leveraging the new emulation mode and then migrating over to the new features in a phased manner. Or you can just jump into the new features right away – we won't mind!
We do strongly recommend adopting the new features in order to take advantage of the new security improvements. Adopting them makes these sensitive passwords much more secure, especially when they are stored in Active Directory with encryption enabled, or in Azure AD.
Happy LAPS-ing!
Want to catch up on the LAPS story? Watch this informative walkthrough:
Ready to get started? Check out our documentation and demos:
Note: The initial release of Windows LAPS in the April 11, 2023 update contained a legacy LAPS interop bug. This bug has been fixed as of the April 25, 2023 update for clients and the May 9, 2023 update for servers. See Legacy LAPS Interop issues with the April 11 2023 Update for more information and workarounds.