Event details

Learn about recent improvements to Windows LAPS and how they can help you deploy and use the feature. Also learn about the future plans we are working on!   This session is part of the Mi...
Char_Cheesman
Updated Dec 27, 2024
Technical Takeoff
jabbrwcky's avatar
jabbrwcky
Brass Contributor
Nov 29, 2023
It’s definitely not a streamlined process though. For a helpdesk person who does this dozens of times a day (we have pretty locked-down student devices so almost every incident requires an elevation) it’s a real pain. Would it be possible to make something similar with Graph API?
Charlie Dobson's avatar
Charlie Dobson
Iron Contributor
Nov 29, 2023
Shouldn't the helpdesk people have their own privileged accounts? I generally try to discourage using local admin accounts unless it's truly necessary.
  • JaySimmons's avatar
    JaySimmons
    Icon for Microsoft rankMicrosoft
    Nov 29, 2023
    In the end the decision is up to the customer, but there are some good reasons for using local accounts for a helpdesk\break-glass style situation. One benefit is that if you are concerned that the device might be compromised, you are not making things any worse by authenticating to it with a local account that already belongs to that device (blast-area-reduction measure as it's sometimes described).
    • Charlie Dobson's avatar
      Charlie Dobson
      Iron Contributor
      Nov 29, 2023
      Good points to consider. Thanks!