Darren_Brinksneader,
I agree it is more difficult to manage the Windows LAPS feature on AADJ-only devices if not using Intune\EPM, both from a policy deployment AND an account management perspective. The difficulty of doing policy deployment without Intune\EPM on AADJ devices is, however, not unique to Windows LAPS IMO. Windows LAPS brings the additional burden of managing the local account, but regardless, it's still just an example of how the lack of a centralized policy management tool can make life hard. Windows LAPS was never intended to fix that problem (it can't).
One (partially useful) option is to bake both the policy and the necessary account changes into new OS images. For existing deployed images, again, it's hard as you have pointed out.
I would think that having Intune or some other EPM management solution is basically a necessity as soon as you need to manage anything more than a handful of devices. But - at least we're not forcing you to have Intune\EPM as a prerequisite for using Windows LAPS. 🙂
Jay