Azure Domain Services Support for LAPS
Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.
LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx
Bill McIlhargey
shared this idea
This is currently in planning for enabling it for Azure AD joined devices, NOT for AAD DS
38 comments
-
Callum
commented
We would love to see LAPS in Azure please. There is a lot of demand for a mobile password solution.
-
DD
commented
Synergix Secrets Vault 2019
https://www.synergix.com/products/secrets-vault/PASSWORD ROTATION AS A SERVICE
- Alternative solution for Microsoft LAPSSupports Azure AD DS, Azure AD, On Premises PLUS Workgroup joined computers
Windows 7 SP1, 8.x, 10, Windows Server 2008 /R2, 2012/R2, 2016 and 2019
MacOS UNIX support coming soon+ System Information
+ Security Event ForwardingSecrets Vault 2019 is free* for EDU !
* Contact sales@synergix.com to get offer details for Edu and license key
-
khgunn
commented
We have organizations requesting for LAPS in AAD to meet “Local admin password change policy - 90 days” for AAD only joined devices. Please consider in your release.
-
There are two different asks as part of this suggestion, one for AAD Domain Services and another for AAD joined devices
We're considering this as an ask for AAD joined devices that currently in planning as that seems to be most needed capability. For AAD DS, please create another suggestion
-
Yuyo Chou
commented
Would love to have it so we can have it for the AutoPilot AAD joined machines.
-
Luke Quarrie
commented
Any update on this Windows people? It seems like a no brainer to put it into AAD as everyone seems to want.
-
DD
commented
For Local Admin Password Rotation in AAD too, same .. Secrets Vault by Synergix is a candidate solution. https://www.synergix.com. So AAD, Azure AD and on prem ... all covered by one software.
-
Johannes Schwartz
commented
It's especially important for AAD Domain Servces joined servers, as these are often enough migrated workloads and should not suffer the bad practice of the same local admin password.
-
Anonymous
commented
Any update on this? We would want it for Azure AD joined (hybrid too). Ideally, a part of AAD Intune and/or co-management.
-
Anonymous
commented
OK "Under Review" since December 6, 2018. ANy updates on this?
-
Chris Farley
commented
I want this for AAD Domain Services. I think it would only require the schema to be extended on the domain. If that was done as part of the DS template, then we would have the option to use it.
-
DD
commented
Secrets Vault by Synergix could be the answer
https://www.synergix.com/products/secrets-vault
It supports both Azure AD joined ( Win 10 ) and On-Premises domain joined ( Windows 7, 8.x, 10 and Windows Server 2008 R2, 2012 R2, 2016 and 2019 ). Don't be surprised to see UNIX added to the list of supported OS.
https://www.synergix.com/products/secrets-vault/features/laps-for-azure-ad/
-
Jermaine Williams
commented
This would be an awesome feature to have on AAD machines.
-
Troy Phillips
commented
Just Azure AD joined devices
-
Andrew
commented
This would be EXTREMELY useful
-
Brad
commented
Only Azure AD, having Azure Active Directory Domain Services as a requirement would be too expensive it not currently using AADS. :)
When is the release date?
-
Brad
commented
Only Azure AD, having Azure Active Directory Domain Services as a requirement would be too expensive it not currently using AADS. :)
-
RockLee
commented
We definitely want this on AAD joined devices. But why not have both? ;)
-
James R
commented
I’m looking for this for AAD joined machines. I would be happy to see this as an Intune feature or AAD. I’m currently reviewing our setup and looking if moving to AAD is right for us. LAPS is something that I need to consider.
-
Steve
commented
Having it directly in AAD would be even better than having it in Azure Domain Services or InTune!