Marc_Laf
>>however there is one part that is a bit confusing - why do we need to extend the AD Schema if we're going to be using Azure AD as the backup target?
>>Is this due to the fact that in a hybrid setup the computer accounts are synchronized from on-prem?
If your only functional goal is to back up passwords to Azure AD, then you do NOT need to extend your AD schema with the new Windows LAPS attributes. Sorry if that was not clear all along - I think perhaps I've been so close to the design for so long that I forget these types of questions. (I'm collecting a bunch of these questions and plan to add a FAQ page to the doc.)
To be clear on your other point, there is no Windows LAPS dependency on any synchronization mechanism for hybrid (or any other) machines.