Azure Domain Services Support for LAPS

Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.

LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx

468 votes

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Bill McIlhargey shared this idea · May 14, 2016 · Flag idea as inappropriate… · Admin →

planned ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · Jul 30, 2019

This is currently in planning for enabling it for Azure AD joined devices, NOT for AAD DS

Show previous admin responses (1)

59 comments

Add a comment…

Attach a File

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Anonymous commented · December 17, 2020 3:28 PM · Flag as inappropriate

Our devices in Microsoft Security Center show as unsecure because of this not being configured even in Azure AD joined devices - it checks for a registry key that only works with LAPS. Would be nice if LAPS was configured so that we wouldn't have to ignore this setting on several hundred intune devices

Remediation options
Option 1 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\LAPS\Enable Local Admin Password Management
To the following value: Enable

Option 2 - Set the following registry value:
HKLM\SOFTWARE\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled
To the following REG_DWORD value: 1

https://securitycenter.windows.com/security-recommendations/sca-_-scid-84?search=scid-84

Submitting...
Mahmud commented · December 13, 2020 9:55 PM · Flag as inappropriate

There is no update at all on this, Hmmmm strange, this is not an option this must be implemented ASAP.

July 2019 planning for enabling it ????? today is Dec-2020, that is over a year now.

I hate promises that never even delivered.

Submitting...
Barone, Lou commented · September 24, 2020 10:46 AM · Flag as inappropriate

Was hoping for ignite announcement on this but there wasnt one to my knowledge.

Submitting...
Hoang Nguyen Huu commented · September 22, 2020 2:54 AM · Flag as inappropriate

Can keep us up to date on this

Submitting...
Kevin C commented · September 10, 2020 8:59 PM · Flag as inappropriate

Update please....

Submitting...
Anonymous commented · August 16, 2020 10:53 AM · Flag as inappropriate

@Azure AD Team, Any update on this?

Submitting...
Steffan commented · July 22, 2020 3:38 AM · Flag as inappropriate

Last update from Admin over a year ago; any chance of an update ?

Submitting...
Brad commented · July 16, 2020 11:05 PM · Flag as inappropriate

We need this. We are trying to follow the ASD essential 8, and we need this to ensure Admin is separate to user on our laptops.

https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained

Submitting...
Anonymous commented · July 10, 2020 6:56 AM · Flag as inappropriate

This is much needed. Is there a update on the progress of this?

Submitting...
Christian Radice commented · May 28, 2020 10:07 AM · Flag as inappropriate

Hello, is there any way we can get an update on the progress/timeline for this feature?

Submitting...
Rijt-van, Frank commented · May 25, 2020 7:20 AM · Flag as inappropriate

Any update?

Submitting...
Anonymous commented · May 20, 2020 6:00 AM · Flag as inappropriate

Any update on this ?

Submitting...
Sridharan AK commented · May 18, 2020 10:02 PM · Flag as inappropriate

any beta /preview release available for testing?

Submitting...
alschneiter commented · April 27, 2020 7:10 AM · Flag as inappropriate

Please move on with this

Submitting...
Anonymous J commented · April 23, 2020 4:18 PM · Flag as inappropriate

This can't be an after thought for Enterprises in the cloud. Please prioritize this.

Submitting...
Anonymous commented · March 11, 2020 8:07 AM · Flag as inappropriate

This is a critical need. When can we expect to have this functionality?

Submitting...
Ramu Venkitaramanan (Office) commented · February 26, 2020 6:35 AM · Flag as inappropriate

Any update on this?

Submitting...
Taylor M commented · February 1, 2020 11:09 AM · Flag as inappropriate

Can we please have an update regarding this? This is a MUST for enterprise.

Submitting...
M commented · January 16, 2020 3:52 AM · Flag as inappropriate

This functionality for normal Azure AD joined devices is crucial for efficient saving of local admin password.

Please, make this available soon!

Submitting...
Anonymous commented · January 7, 2020 1:05 AM · Flag as inappropriate

Hello,

Is there an update available?
Thanks!

Submitting...