Microsoft is rolling out the new Windows Local Administrator Password Solution (LAPS) that is now natively integrated directly in Windows, eliminating the need for IT admins to download it as an MSI package from the Microsoft Download Center.
The product has been available on the Download Center for man years and has been used to manage the password of a specific local administrator account by regularly rotating the password and backing it up to Active Directory (AD). Microsoft says LAPS has been an essential tool for AD enterprise security on premises.
Now, the tool is available for both cloud and on-premises environments. It will be part of Microsoft Entra and will shift from private to public preview later this quarter, Microsoft says, calling Windows LAPS a “huge improvement” in virtually every area beyond the legacy on-premises LAPS solution.
Windows LAPS will be natively ingegrated into following Windows editions:
- Windows 11 Pro, EDU and Enterprise
- Windows 10 Pro, EDU and Enterprise
- Windows Server 2022 and Windows Server Core 2022
- Windows Server 2019
According to Microsoft, the feature is ready to go out of the box and admins will no longer need to install an external MSI package. Fixes or feature updates will be delivered via the company’s normal patching processes.
In Azure AD environments, the private preview of LAPS can retrieve stored passwords via Microsoft Graph, create two new Graph permissions for retrieving only the password metadata or the sensitive cleartext password itself.
In addition, the Windows LAPS tool provides Azure role-based access control policies for password retrieval, supports Azure management portal for retrieving and rotating passwords, automatically rotates the password and allows management via Intune, the company says in a blog.
In addition to Azure AD features, Microsoft also updated the experience for on-premises Active Directory environments, including new password encryption, a password history feature, Directory Services Restore Mode password backups, emulation mode and automatic rotation.
For hybrid scenarios, Windows LAPS features policy management via both Group Policy and Configuration Services Provider, rotating the Windows LAPS account password in Intune, a dedicated event log, a new PowerShell module and hybrid-joined support.
Admins can begin using the new Windows LAPS with the April 2023 Patch Tuesday update, but the LAPS scenario in Azure AD is still in private preview and will shift to public later this quarter.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!