MartinKupka - from your description I am not clear how much is left to do. I have to assume the MTR device installs OS patches post-deployment (or else it would quickly get more and more insecure/at-risk), and since you are already managing these devices with Intune, the final last step would be for you to enable the new Windows LAPS policy via Intune (again, once the Azure AD scenario reaches public preview). The device should be on LAPS "auto-pilot" from that point on, and you can then access the device as needed by retrieving the current password from AzureAD/Intune. Is a deeper MTR-specific integration called for here? Or are you asking for an MTR-specific certification of compatibility wrt Windows LAPS, just to be safe?