Event details
What? Can it be? A session on LAPS? Yes!! The Local Administrator Password Solution (LAPS) has been widely used by IT pros for nearly a decade to secure Windows devices, aid in device recovery, and support helpdesk scenarios—and now we’re modernizing and improving this technology. First, we’re making it native to Windows. Second, we’re adding new features like backing up passwords to Azure AD, DSRM password backup, AD password encryption, and more. Get an inside look at the design and implementation of the new and improved LAPS, now available to Insiders in the Windows 11 Dev Channel*.
*Azure scenarios are currently limited to private preview customers.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
89 Comments
- SlavaMNState
Copper Contributor
Are these new GPO templates included in Windows 10 or only for Windows 11?
- JaySimmons
Microsoft
The new GPO templates are an inherent part of the LAPS feature set. So the templates will always be included in Windows moving forward, and will also be included as an inherent part of any backport efforts.
- Joe_Lurie
Microsoft
Support for Windows 10 has been asked a couple times below. This is still under consideration. Keep your eyes on the docs (learn) pages for supported platforms, as this becomes generally available.
- Heather_Poulsen
Community Manager
We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back throughout the week. For bonus content, make sure to check out our Technical Takeoff Demo Channel!
- DaneaGalbraith
Iron Contributor
I saw the Windows 11 in your last slide, but will this also be shipping to Windows 10 in the Q1 of 2023?
- Joe_Lurie
Microsoft
Support for Windows 10 has been asked a couple times below. This is still under consideration, but we haven't committed to Windows 10 support yet. Keep your eyes open for information on supported platforms in our docs (learn) pages as the feature becomes generally available.
- ErinDay
Brass Contributor
Can't wait for this! Lots of work to transition but benefits look great!
- SteveB_SC
Brass Contributor
I'll take a look at the documentation, but will there be a "playbook" on how to migrate to the new LAPS?
- JaySimmons
Microsoft
I have kind of a playbook in my head, but nothing is fully written down. The main choice is whether you decide to use the legacy LAPS "emulation mode"... https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-legacy ...or not. You would likely choose to use emulation mode if you have existing LAPS tooling and/or automation that is dependent on the legacy LAPS schema elements (e.g., ms-Mcs-AdmPwd). If that is not a concern, there is nothing stopping you from incrementally rolling out the new LAPS policies to capable platforms.
- Blessing
Copper Contributor
Is there added admin overhead for managing AAD joined and HAAD devices within the same environment or same policies will apply to all devices regardless of join type?
- JaySimmons
Microsoft
We've got a ton of policy configuration flexibility with this new version of LAPS. You can use Intune to configure the target device, or on-prem GPO if the device is HAADJ - it's your choice. Standard Intune and GPO best practices apply. I suggest taking a look at this doc link: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-policy-settings#supported-policy-settings-by-join-state
- Heather_Poulsen
Community Manager
We’re happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event
- Blessing
Copper Contributor
Will there be support for both Windows 10 or Windows 11?
- Joe_Lurie
Microsoft
Final platforms are still under consideration. Stay tuned to our docs (learn) pages for supported platforms as this feature becomes generally available.
- JaySimmons
Microsoft
For now answer is "maybe". A win10 backport is definitely under consideration, not to get your hopes up too much, final approvals still pending.
- RyanDey
Copper Contributor
Like I suspect will be the case with many companies, we will not have Windows 11 devices in production use until mid to late 2024. Without Windows 10 support for the new tool, we cannot use it. We'll need to keep devices hybrid longer specifically to back up passwords to AD, or go for a period of time without any LAPS functionality.
- JaySimmons
Microsoft
Hi folks, feel free to keep asking questions but note we do have online draft documentation available here: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
- ZebulonSmith
Iron Contributor
This is one of the best new features I've seen in a while! Very well thought out and implemented.
- JaySimmons
Microsoft
Thanks for the nice comment! It has been a "labor of love" for me :).
- ZebulonSmith
Iron Contributor
The longer the session runs, the more I like it. Love to see that there's native PowerShell out of the gate (that should be a requirement for everything) and automatic password rotation.