Now Reading: Enhanced Windows LAPS Policy Settings You Need to Know
-
01
Enhanced Windows LAPS Policy Settings You Need to Know
I was poking around Microsoft Intune yesterday (as one does on a chill afternoon 😅), and I noticed something new in the Windows LAPS policy section. Thought I would share in case you missed it! They have rolled out some fresh settings that give you way more control over local admin accounts.
These new features are shipped with the service release 2503.
Here is the official source: https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/whats-new#new-settings-for-windows-laps-policy.
Let us see what they added to Windows LAPS.
🆕 New Settings
- Automatic Account Management Enable Account – This setting allows you to enable or disable the automatic management of local administrator accounts.
- Automatic Account Management Enabled – Once enabled, this ensures that the specified local admin account is managed automatically.
- Automatic Account Management Name Or Prefix – Here, you can define a specific name or prefix for the local admin account that's being managed.
- Automatic Account Management Randomize Name – Want to add an extra layer of security? This setting lets you randomize the local admin account name.
- Automatic Account Management Target – This determines which accounts on the device are targeted for automatic management.
- Passphrase Length – Now, you can set the desired length for passphrases, giving you more control over password complexity.
🛠️ Tweaked Existing Settings
Password Complexity has new options like:
- Passphrase (long words)
- Passphrase (short words)
- Short words with unique prefixes (basically, passwords that are harder to crack but easier to remember? Yes please.)
Post-Authentication Actions now includes an option that:
- Resets the password, logs the account off, and kills any leftover processes. (This is a much welcome setting)
📺 Show me
Yes. Here we go. In the below screenshot you will see the new settings in Intune -> Endpoint security -> Account protection. Edit your existing one or create a new Local admin password solution (Windows LAPS) policy.
Once you have created, or edited your policy, your devices will pick up the new policy and the result will be like the following screenshot.
That is it for now. Until next time. 👋
Original Post https://www.burgerhout.org/enhanced-windows-laps-policy-settings-you-need-to-know/
