Event banner
Windows LAPS: enhancements and roadmap
Event details
Learn about recent improvements to Windows LAPS and how they can help you deploy and use the feature. Also learn about the future plans we are working on!
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event. |
- Alban1998Iron Contributor
Once again many thanks to Jay Simmons and other people at Microsoft to bring us this extremely important feature directly within Windows, and for both client and server, and cloud and on-premise management solutions. Awesome job ! JaySimmons
- JaySimmonsMicrosoft
Thanks to everyone who viewed the presentation, along with following up with questions and feedback!
Quick note: my presentation was primarily centered around Windows-side behaviors. If you want to hear more about Windows LAPS-related changes on the Intune side, I encourage you to take a look at my Intune colleagues' (Laura\Matt\Eric) presentation here:
thanks - Jay
- BenCham100Copper ContributorHi Jay - great presentation! I seem to be missing the 'Reset the password, logoff the managed account, and terminate any remaining processes' PAA within my local policy - all other PAA options are there. Am I missing something, client is W10 22H2 2023-11 cumulative update. Thanks,
- JaySimmonsMicrosoft
Hi Ben,
No you are not missing anything. The new PAA option is only supported in future versions of Windows (I did mention this in the talk but you probably missed it.). You can try it out by installing a recent Windows Insider builds from here:
I would love to hear any feedback you might have on the new changes, thanks! 🙂
Jay
- mawalschMicrosoft
a lot of our customers are still on Windows Server 2016 - and they would love to see support for this OS. Especially as they would otherwise have to deal with Microsoft LAPS and Windows LAPS.
Which means they have to take care for two solutions till 12-Jan-2027, and this is a additional security challenge.
Also in case of IR this would be a great benefit.- JaySimmonsMicrosoft
Hi Markus, I totally get it and we have gotten this same exact feedback from multiple customers. Regrettably the answer is no. You can read a more detailed response to this question from my colleague Cliff here:
Jay
- BryanDamBrass Contributor
JaySimmons, ok then but you can't then deprecate legacy LAPS as you announced here ... right? I understand that backporting _anything_ at Microsoft is a struggle but to refuse to backport to a single in-market OS but then also deprecate the only supported solution for that OS is ... kind of unconscionable.
- EdB_65Copper ContributorWhen configuring LAPS in Intune, which is the preferred method: Endpoint Security or Configuration Profiles?
- Charlie DobsonIron ContributorFrom my experience, either works. Jason Sandys said that the Settings Catalog (Configuration Profiles) is a good place to start generally, but we configured through Account Protection under Endpoint Security. There doesn't seem to be any downside to doing it either way.
- RogerS-MicrosoftMicrosoftAgree with Charlie's sentiments - either will work. However, in this case for LAPS there is a specific template that's been 'pre-configured' with the relevant settings for just this scenario. While you're not forced to use it, the intent is to make things simpler for you by grouping those common settings into a profile/template so you don't have to do that legwork yourself elsewhere (eg) settings catalog. Same goes for other available templates (eg) BitLocker - they are intended to group relevant settings together and simply the admin experience for you. But, if you prefer to 'self service' using settings catalog - you should expect it to work out at the same end result.
- Martin1500MicrosoftExcellent Session Thanks
- Jeff_S2170Copper ContributorOn the topic of readability are we getting color coding on the password to help easily identify numbers vs letters as most password managers have implemented? Even a bold font would be appreciated.
- JaySimmonsMicrosoftHi Jeffrey - I have already improved the font used to display the password in the AD Users & Computers snapin (not yet available so don't go looking just yet). For the moment I have left it as black foreground text - but I love your suggestion! Will experiment a bit with some colors and bolding to see how it looks. (Windows UI can be tricky need to take into account high-contrast and all of that good stuff, although TBH this is not an area where ADUC is very good to begin with.)
- JaySimmonsMicrosoftAlso, just in case you were referring to the password display font in Entra\Intune, that feedback has also been given to those teams.
- Char_CheesmanBronze Contributor
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- Thomas HallerCopper Contributor
Is the new GUI just for onPrem password retrieval? Any plans for Azure AD/EntraID scenarios (e.g. user can get the admin password via Company Portal if allowed)?
- JaySimmonsMicrosoftWe are planning the new GUI only for onprem AD password retrieval. In theory one could be done for AAD\Entra but those products have mgmt portals which already make it easy.
- jabbrwckyBrass ContributorIt’s definitely not a streamlined process though. For a helpdesk person who does this dozens of times a day (we have pretty locked-down student devices so almost every incident requires an elevation) it’s a real pain. Would it be possible to make something similar with Graph API?
- MichaelHildebrandMicrosoftA round of applause for Jay and Co for the work on WLAPS (and on-prem password protection, too) 🙂
- Derrick_ConnorsCopper ContributorGood presentation on an interesting subject.