Forum Discussion
Windows Laps key rotation
Hello, I have Windows Laps configured with password rotation every 10 days, I have encountered several cases where the password rotates before the expiration date. What could be the reason?
Password rotation could kick when the grace period of the password expired (so every 10 days)
But if you configured paa, there could be a chance that when using the managed account (trying to login with it) still kicks off the paa actions (reset the password) even when you have entered the wrong password. That one is fixed in a future build.. but as i am not sure which build you are using....
And another thing could be to remotely trigger a password rotation from intune.... or on the device with the reset-lapspassword command... so just like leon pointed out....
You have got some options here, so the LAPS event logs or the audit log in azure ad (entrA) should be the first places to start looking
But if you configured paa, there could be a chance that when using the managed account (trying to login with it) still kicks off the paa actions (reset the password) even when you have entered the wrong password. That one is fixed in a future build.. but as i am not sure which build you are using....
And another thing could be to remotely trigger a password rotation from intune.... or on the device with the reset-lapspassword command... so just like leon pointed out....
You have got some options here, so the LAPS event logs or the audit log in azure ad (entrA) should be the first places to start looking