Uplevel security with Endpoint Privilege Management + Windows LAPS
Good description, Nathan - no complaints from me regarding your solution as described.
I will just point out that any administrator access solution that requires the device to be communicating with the cloud is by definition at risk of failure when such cloud communication fails. Using a LAPS-managed local admin account is the "least common denominator" option in this space - you can't really get much lower in the dependency stack so there is just that much less that can go wrong.
Playing devil's advocate to my own response above: I have heard other customers say that if the device is in that bad of a condition, then they find it better to just flatten and re-image it, in other words, they prefer to just start over from scratch. Anyway, at least having both solutions gives customers the luxury of a choice. 🙂