Azure Domain Services Support for LAPS
Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.
LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx
Bill McIlhargey
shared this idea
This is currently in planning for enabling it for Azure AD joined devices, NOT for AAD DS
47 comments
-
M
commented
This functionality for normal Azure AD joined devices is crucial for efficient saving of local admin password.
Please, make this available soon!
-
Anonymous
commented
Hello,
Is there an update available?
Thanks! -
Kurt P
commented
I would totally be willing to participate in Beta/Private Preview of this if you are looking for AAD Joined organizations to participate!
-
Victor Meyer
commented
Please can somebody comment on why this isn't supported for AAD:DS yet? Is this a schema issue or an RODC / Writeable DC issue? Thanks.
-
Brian Knackstedt
commented
Is there any update regarding LAPS and Azure AD joined Windows 10 devices?
-
Anonymous
commented
Dear Azure AD Team,
Is there any update regarding LAPS and Azure AD?
Our servers are all Azure AD DS joined and I would like to implement LAPS on those servers if possible. Is there any guidlines or preview i can use?Thanks in advance.
Kind regards
Robin Kluijt -
RE
commented
As no update or FR ticket number provided, we've raised this with our TAM in hopes of, at least, some assurance a solution is actively being developed for AAD joined devices.
-
DD
commented
Have you checked out SYNERGIX Seva ( Secrets Vault ) software ? It is something you're looking for. It is free for EDU and NFP for managing built-in ( S-500 ) administrator account
-
Anonymous
commented
Any update on this? We would LOVE the ability for this amazing simple secure process to work with Azure AD joined devices. We love LAPS on premise, but machine needs line of sight to DC, which is less and less often.
-
Callum
commented
We would love to see LAPS in Azure please. There is a lot of demand for a mobile password solution.
-
DD
commented
Synergix Secrets Vault 2019
https://www.synergix.com/products/secrets-vault/PASSWORD ROTATION AS A SERVICE
- Alternative solution for Microsoft LAPSSupports Azure AD DS, Azure AD, On Premises PLUS Workgroup joined computers
Windows 7 SP1, 8.x, 10, Windows Server 2008 /R2, 2012/R2, 2016 and 2019
MacOS UNIX support coming soon+ System Information
+ Security Event ForwardingSecrets Vault 2019 is free* for EDU !
* Contact sales@synergix.com to get offer details for Edu and license key
-
khgunn
commented
We have organizations requesting for LAPS in AAD to meet “Local admin password change policy - 90 days” for AAD only joined devices. Please consider in your release.
-
There are two different asks as part of this suggestion, one for AAD Domain Services and another for AAD joined devices
We're considering this as an ask for AAD joined devices that currently in planning as that seems to be most needed capability. For AAD DS, please create another suggestion
-
Yuyo Chou
commented
Would love to have it so we can have it for the AutoPilot AAD joined machines.
-
Luke Quarrie
commented
Any update on this Windows people? It seems like a no brainer to put it into AAD as everyone seems to want.
-
DD
commented
For Local Admin Password Rotation in AAD too, same .. Secrets Vault by Synergix is a candidate solution. https://www.synergix.com. So AAD, Azure AD and on prem ... all covered by one software.
-
Johannes Schwartz
commented
It's especially important for AAD Domain Servces joined servers, as these are often enough migrated workloads and should not suffer the bad practice of the same local admin password.
-
Anonymous
commented
Any update on this? We would want it for Azure AD joined (hybrid too). Ideally, a part of AAD Intune and/or co-management.
-
Anonymous
commented
OK "Under Review" since December 6, 2018. ANy updates on this?
-
Chris Farley
commented
I want this for AAD Domain Services. I think it would only require the schema to be extended on the domain. If that was done as part of the DS template, then we would have the option to use it.