Home / Explore our latest insights / Windows Local Administrator Password Solution with Microsoft Entra ID now generally available

Published: 16th November 2023 | In: Insights

We’re thrilled to share a significant stride forward in cyber security – the updated Windows Local Administrator Password Solution (LAPS) is now integrated with Microsoft Entra ID and Microsoft Intune. This innovation spells a leap ahead in secure, flexible, and user-friendly experiences. This feature is now generally available in all tenants.

Historically, LAPS excelled in auto-managing local administrator passwords on domain-joined computers, enabling randomly generated and regularly updated passwords. This strategy was pivotal in thwarting unauthorised access and potential cyber threats through the local administrator account.

The evolution of this key feature sees the integration of LAPS with Microsoft Entra ID and Microsoft Intune, extending its benefits to a wider array of devices. This empowers your organisation to bolster the protection of local administrator accounts on Windows devices, thereby mitigating risks like Pass-the-Hash (PtH) and lateral traversal attacks.

In addition to heightened security, the upgraded LAPS offers advanced features such as tenant-wide and client-side policies, password recovery, role-based access control policies, audit logs, and seamless integration with conditional access policies. These features simplify password management and boost compliance with cyber security norms and regulations.

Looking ahead, Microsoft is committed to enhancing LAPS further with additions like automatic local administrator account creation, device notification, and just-in-time enabled self-service password recovery. These upcoming features promise to augment the security and versatility of LAPS, ensuring it stays ahead of the curve in meeting your evolving needs.

At Quorum Cyber, we’re dedicated to helping you fight bullies. If your organisation isn’t using LAPS right now, or it’s being used on domain-joined devices only, speak to us about how this valuable feature can be extended to work with your hybrid-joined or Microsoft Entra joined devices too, completing your coverage and helping prevent adversaries from getting their hands on local administrator passwords.

Remember, your organisational identities are the security perimeter – protect them as best as you can with Microsoft Entra and Quorum Cyber.