Is the GPO also applied together with Intune policy? If yes, then GPO will take precedence.
Migrate LAPS from GPO to Intune
I have LAPS configured using Group Policy, and it's working fine. Now, I would like to migrate the management to Intune. I followed an article I found online and set up our configuration accordingly, but I can't see the local administrator password in the Intune portal (it's not working).
What did I miss, or what should I do to successfully migrate LAPS from GPO to Intune?
1. I have enabled Azure AD LAPS within my Azure Tenant: Entra ID > Devices > Device Settings > Enable Microsoft Entra Local Administrator Password Solution (LAPS)
2. I have enabled the Built-in Administrator Account: Devices > Configuration profiles > Create profile....Local Policies Security Options (Enabled).
3. Configured the LAPS Policy: In the Intune admin center, Endpoint security > Account protection > Create policy.
- Prerequisite: Windows platform: Windows 11 23H2
Yared H. Kebede
2025-08-19T05:01:03.2566667+00:00
Yes, both the GPO and Intune policies are applied together. I excluded my test workstations from GPO-2; do I also need to exclude them from GPO-1?
GPO-1:
Computer Configuration > Policies > Policies > Security Settings > Local Policies/Security Options
Accounts: Administrator account status: Enabled
Accounts: Rename administrator account: "CSAdmin"
GPO-2:
Computer Configuration > Policies > Administrative Templates > LAPS > Policy
Do not allow password expiration time longer than required by policy: Enabled
Enable local admin password management: Enabled
Password Settings: Enabled
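
To see on a test workstation which policy store is actually delivering LAPS settings, and what state the built-in administrator account is in, a read-only check like the following can help. It is an added example, not part of the original thread; the registry roots are the ones Microsoft documents for Windows LAPS and legacy Microsoft LAPS, not values taken from this thread, and the function names are hypothetical.

```powershell
# Added example (not from the thread): inventory LAPS policy stores on this device.
# Run in an elevated PowerShell session on the test workstation. Read-only.

function Get-LapsPolicySource {
    # Registry roots as documented by Microsoft (assumption: unchanged on your build).
    $roots = [ordered]@{
        'Windows LAPS (Intune/CSP)'   = 'HKLM:\Software\Microsoft\Policies\LAPS'
        'Windows LAPS (Group Policy)' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\LAPS'
        'Legacy Microsoft LAPS (GPO)' = 'HKLM:\Software\Policies\Microsoft Services\AdmPwd'
    }
    foreach ($name in $roots.Keys) {
        $path   = $roots[$name]
        $values = @{}
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            foreach ($v in $key.GetValueNames()) { $values[$v] = $key.GetValue($v) }
        }
        # One object per store: whether it holds any settings, and which ones.
        [pscustomobject]@{
            Source   = $name
            Path     = $path
            Present  = ($values.Count -gt 0)
            Settings = ($values.GetEnumerator() | Sort-Object Name |
                        ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
        }
    }
}

function Get-BuiltinAdministrator {
    # The built-in administrator keeps RID 500 even after a rename (e.g. by GPO-1).
    Get-LocalUser |
        Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } |
        Select-Object Name, Enabled, SID
}

Get-LapsPolicySource     | Format-List
Get-BuiltinAdministrator | Format-List
```

If the Group Policy or legacy root is still populated after the workstation was excluded from GPO-2, the GPO settings are still present on the device; `gpresult /r /scope computer` lists the GPOs that applied to it.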