Enhance Microsoft 365 Security Using Intune LAPS
May 11, 2024 12:04 AM

Enhance Microsoft 365 Security Using Intune LAPS

by HubSite 365 about Jonathan Edwards

No-Faffing Managed IT Support & Cyber Security Support. Made in Yorkshire, built for the UK.

Pro UserIntuneLearning Selection

Elevate Your Microsoft 365 Device Security with LAPS via Intune - Dont Miss Todays Expert Tips! #Microsoft365 #CyberSecurity

Key insights


  • Enhance your Microsoft 365 security by leveraging LAPS (Local Admin Password Solution) in Intune.
  • Addressing the local admin problem and the master password issue can significantly improve device security.
  • Steps include enabling LAPS, creating an Account Protection Policy, and backing up LAPS configurations to Entra ID.
  • Customize your security with settings for password age, optional admin account name, password complexity, and password length.
  • Ensure the effectiveness of your security measures by testing LAPS, manually resetting local admin passwords, and removing global admins from local admin roles.

Enhancing Security in Microsoft 365 with LAPS

The importance of strong security measures in Microsoft 365 cannot be overstressed, with cybersecurity threats evolving at an unprecedented pace. Leveraging LAPS within Intune presents a robust solution, addressing critical security issues related to local administrative privileges and password management. These administrative vulnerabilities often serve as entry points for malicious actors, making their management and security critical for safeguarding sensitive organizational data. 



Executive Summary: Enhancing Microsoft 365 Security with LAPS in Microsoft Endpoint Manager

In a recent video presentation, Jonathan Edwards sheds light on a powerful method to bolster device security within Microsoft 365 environments. This technique utilizes the Local Admin Password Solution (LAPS) feature within Microsoft Endpoint Manager, formerly known as Intune. This summary captures the essence of the video, presenting the information in an easy-to-understand format, aligned with good SEO practices.

Understanding the Local Admin Challenge:

Edwards begins by identifying the core issue that organizations face: managing local administrator accounts securely. He explains how easily these accounts can become security vulnerabilities, either by being overlooked or by using weak password policies.

Next, he introduces LAPS as a solution to this prevalent problem. LAPS automates the process of setting complex passwords for local administrator accounts, thereby, significantly reducing potential security risks. Edwards emphasizes the importance of this step for maintaining robust security protocols.

The incorporation of LAPS into the Microsoft Endpoint Manager ecosystem is highlighted as a seamless process. Edwards assures that implementing LAPS not only enhances security but also streamlines administrative tasks.

Implementing LAPS Effectively:

The video delves into the technical steps required to enable LAPS within the Microsoft Endpoint Manager framework. Edwards methodically walks viewers through the process of creating an Account Protection Policy and how to back up LAPS with Entra ID for added security.

He further discusses password policies, including age settings, complexity, and length, ensuring that viewers understand how to configure each setting to meet their security needs. Edwards stresses the importance of selecting stringent policies to fortify the defense against unauthorized access.

Practical application is also covered, with Edwards presenting a demonstration of LAPS in action. This includes testing the solution and reviewing procedures for manually resetting local admin passwords and removing Global Administrator rights from local accounts.

Conclusion and Key Takeaways:

In conclusion, Jonathan Edwards' video serves as a vital resource for businesses seeking to elevate their Microsoft 365 security posture. By adopting LAPS within Microsoft Endpoint Manager, organizations can address a significant security challenge and ensure a fortified defense against potential threats.

Edwards' clear and concise explanation demystifies the process, making it accessible to IT professionals across all skill levels. This presentation not only educates but also empowers viewers to take proactive steps towards securing their Microsoft 365 environments.

Intune - Enhance Microsoft 365 Security Using Intune LAPS


People also ask

Can you use laps with Intune?

Indeed, Windows LAPS is compatible with a free trial subscription of Intune. This compatibility extends to Microsoft Entra ID Free, the complimentary edition provided with Intune subscriptions. This setup allows for the utilization of all LAPS functionalities through Microsoft Entra ID Free.

Is Microsoft laps still supported?

As of the statement made on October 23, 2023, the traditional Microsoft LAPS offering has been marked as deprecated.

How secure is Microsoft laps?

Microsoft Entra ID serves as the authentication platform for Windows LAPS, leveraging the unique identity of each managed device. Although data within Microsoft Entra ID already benefits from robust security measures, an additional layer of encryption is applied to passwords prior to storage, enhancing the overall protection.

What is the difference between legacy laps and windows laps?

The primary distinction between Windows LAPS and the earlier Microsoft LAPS revolves around the introduction of several new capabilities in Windows LAPS. Among these are the ability to back up passwords to Azure Active Directory, encrypt passwords within Windows Server Active Directory, and maintain a history of passwords, features not present in the legacy version.



Microsoft 365 Security, LAPS in Intune, Boost Security Intune, Intune LAPS configuration, Improve Microsoft 365 Protection, Enhance Office 365 Security, Secure Microsoft 365 with LAPS, Intune Security Best Practices