Very helpful - thank you

Great video, but was good to make a recap at the end to understand if that last "Enable local admin password management" policy is actually required :)

Thank you for the walk-through. As a previous poster said: Please don't edit your videos unless you really need to or the wait would be too long! The good stuff comes from you coursing through the level of working it out. Also (and maybe this is already in your pipe) I think there would be value in adding a video where you explore the Org. messages feature in Intune. Albeit not that technically difficult it is a really nice feature (especially the Get Started app customization) that I completely missed up until the other day! Keep on doing what you do - you do it very well!

Windows LAPS is supported since the April Updates. It's been running really well so far.

Thank you for the clear steps guidance. It really helped.

You're wromg Steven, it was the April update that introduced Windows LAPS as far as I know. I've enabled it a few weeks ago for my Windows 11 machines that we want to start rolling out in august on all our new machines, and that rollout will be the first step in ditching on-prem AD for our client devices. I wanted to go pure azure AD joined, but some internal constraints still require me to domain join those machines. Although they do end up in an OU where inheritance is disabled and just a handful of GPOs are linked back in. I love the new Windows LAPS, finally an easy way to rotate the password and ensure it works, even if there is no line of sight to your domain controllers and an interface that is less complex and, I assume, more easy to audit. For the complexity, I did not include the special characters, but I did increase the length, as my helpdesk didn't like it when they had to spell out the password in a rare case where the user had to regain access to the laptop before being able to start up the VPN to sync up the reset password (no pre-login VPN available at the moment). The one thing I have not looked at yet, what if you have a GPO active for the old LAPS and then enable Windows LAPS, who will take priority? Anyone know? Or is it best that if I want to go that route that I do ensure the CSE is uninstalled and the GPO is gone?

@intune training; great video as always 😊 the policy does not activate/enable the administrator account right?! As by default the administrator account is disabled, isn’t leaving the account disabled a better security solution. Isn’t just adding an (additional) local administrator from intune a simpeler solution?! Just looking for a best practice 😊

Hey gents as you stated you cannot run this together with On-premise LAPS, do you perhaps have a guide i can use to remove the current On-premise LAPS setup and only setup the Azure LAPS. Your assistance would be greatly appreciated.

Great video guys! So it was not showing any password in the beginning because of the second setting you enabled in the settings catalog option? I understood: first step azure, second settings catalog with the two options and third the laps policy? 🙏

Great lesson...

Your instructional videos are amazing. Qq. When you created the Windows LAPs group, is this group a user specific or device specific?

Never knew about .\NAME, I've always done localhost\ **The more you know**

it works from me, but i did enable the local admin account from Computer management! in this case is that correct?

This is excellent, however Steve, your audio is hard to make out. Maybe if your audio could be recorded separately from the video call. I don't know if it's the compression or just your mic.

Is there anyway enduser can access his LAPS password from a portal? Or is it the Cloud LAPS with Enterprise App scenario?

Where in the policy do you set the username?

Can you set a specific password?

Why a windowslaps group and not assigned to all devices?

it would be good if intune can extend this to macOS too

Plz don’t edit the videos. That’s the best learning time. Especially as I follow along in my lab 😊