We have user device which reset LAPS password three times a week while the policy is set to reset every 365 days. The current LAPS policy is configured as follows: Policy source: CSP Backup di...
JaySimmons
Microsoft
Microsoftharrys80 ,
Based on the data you've presented, I would guess that you have some automation in your environment that is regularly retrieving the password and performing an authentication to the managed device, which is then triggering a now+24 hours post-authentication-action-initiated password reset.
The PAA feature is actually on-by-default, so you have to explicitly disable it in order to keep this from happening. You can do that by setting the grace period to zero (0) hours. Please try that?
Alternatively, if it is unexpected that any authentication of the LAPS-managed account is happening, you might want to investigate why what is happening.
Please PM if you have further questions - I am going to close this issue out since it's more of a support issue than a feature request.
thanks,
Jay