Azure Domain Services Support for LAPS
Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.
LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx
Bill McIlhargey
shared this idea
This is currently in planning for enabling it for Azure AD joined devices, NOT for AAD DS
65 comments
-
Vinny_UK
commented
As i suspected... still no news :/
-
John Field
commented
I would love for this feature to be in place and working.
This would check off a number of our required security checks, but also provide a safe way of providing local admin access when the "Microsoft approved" Device Administrators doesn't applyPlease tell me there is an update nearly 2 years down the line?
-
Karl Wallin
commented
Any updates for the AD-Joined device solution?
-
SYNERGIX
commented
Community Edition of SYNERGIX SEVA is free and should fit the bill for Azure AD Joined Windows 10 computers
- Rotate Built-In Administrator Account
- Based upon .NET Core 5.0
- Quarterly updates to Ultimate Edition as more features are added -
Victor Meyer
commented
Come on guys. Where we at with this :) 2016 to 2021 to get the agent to move from talking to a DC to talking to an API endpoint. Time for a community solution? :) Not rocket science.
-
Anonymous
commented
We urgently need an update on this planned improvement!
Thank you! -
Anonymous
commented
Our devices in Microsoft Security Center show as unsecure because of this not being configured even in Azure AD joined devices - it checks for a registry key that only works with LAPS. Would be nice if LAPS was configured so that we wouldn't have to ignore this setting on several hundred intune devices
Remediation options
Option 1 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\LAPS\Enable Local Admin Password Management
To the following value: EnableOption 2 - Set the following registry value:
HKLM\SOFTWARE\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled
To the following REG_DWORD value: 1https://securitycenter.windows.com/security-recommendations/sca-_-scid-84?search=scid-84
-
Mahmud
commented
There is no update at all on this, Hmmmm strange, this is not an option this must be implemented ASAP.
July 2019 planning for enabling it ????? today is Dec-2020, that is over a year now.
I hate promises that never even delivered.
-
Barone, Lou
commented
Was hoping for ignite announcement on this but there wasnt one to my knowledge.
-
Hoang Nguyen Huu
commented
Can keep us up to date on this
-
Kevin C
commented
Update please....
-
Anonymous
commented
@Azure AD Team, Any update on this?
-
Steffan
commented
Last update from Admin over a year ago; any chance of an update ?
-
Brad
commented
We need this. We are trying to follow the ASD essential 8, and we need this to ensure Admin is separate to user on our laptops.
https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained
-
Anonymous
commented
This is much needed. Is there a update on the progress of this?
-
Christian Radice
commented
Hello, is there any way we can get an update on the progress/timeline for this feature?
-
Rijt-van, Frank
commented
Any update?
-
Anonymous
commented
Any update on this ?
-
Sridharan AK
commented
any beta /preview release available for testing?
-
alschneiter
commented
Please move on with this