Once the policy is successfully applied to Windows 10, you can also find the following details in the registry. This is useful when you are not getting the desired result and are troubleshooting the issue. More details about PersonalizationCSP can be found here.

This week is all about another nice feature that was recently introduced in Windows, Microsoft Intune, and Azure AD. That feature is Windows Local Administrator Password Solution (Windows LAPS). Windows LAPS is basically the evolution of the already existing LAPS solution for domain-joined Windows devices. The big difference, however, is that Windows LAPS is now a built-in solution in Windows that can be configured via Microsoft Intune and that can use Azure AD as a storage location for the local administrator password. Windows LAPS can be used to manage the password of a single local administrator account on the device. The most obvious account for that would be the built-in local administrator account, as that account can’t be deleted and has full permissions on the device. So, securing that account is another important step in further securing the devices in the environment. This post will start with a quick introduction to Windows LAPS, followed by the steps to configure Windows LAPS and the options for retrieving, rotating and auditing the password of the local administrator account.

Note: This post will focus on Azure AD as the storage location for the local administrator account and password.

Introducing Windows Local Administrator Password Solution

Windows LAPS is the new built-in functionality in Windows that can be used for managing the password of a local administrator account on the device. The use of Windows LAPS helps organizations to further protect Windows devices from attacks that are aimed at exploiting local user accounts. Think about attacks like pass-the-hash or lateral-traversal. Besides that, Windows LAPS can also help with improving the security when providing remote support and with simply providing an alternative path for temporarily elevating permissions. Another common use case is providing an entrance to recover devices that became inaccessible for Azure AD accounts. And all of that by relying on native functionality that’s available on Windows devices with Windows 10 20H2 or later, and Windows 11 21H2 or later. That functionality can be enabled and configured by using Microsoft Intune and can use Azure AD as the storage location for the local administrator account and password.

When using Microsoft Intune for the configuration of Windows LAPS, the configuration relies on the new LAPS CSP on Windows devices. Via that CSP, Microsoft Intune provides support for the following capabilities of Windows LAPS:

Configuring account and password backup: Configuring automatic account and password backup for the local administrator account in Azure AD, or Active Directory, by using strong encryption.
Configuring password rotation: Configuring automatic password rotation on a schedule for the local administrator account and manually rotating the password for the local administrator account by using a device action.
Configuring password requirements: Configuring password requirements for the local administrator account.