How to create a Windows local admin account via Intune LAPS


Introduction

I wrote an article last February on how to replace the password of your MTR’s local account using LAPS (Local Administrator Password Solution) in Intune. I concluded my article by explaining that it was possible to manage local administrator accounts on computers using the same solution. Microsoft has just released an update that allows you to create the account directly via LAPS without going through a configuration rule with a manual password.

Check the February 2025 article HERE.


Prerequisites

A Windows 11 PC

  • A Windows 11 24H2 PC enrolled in Intune.

An Entra ID group

  • An Entra ID security group that contains the relevant PCs.

Administrator role

  • An account with the Global Administrator or Intune Administrator role to access the Microsoft Intune Admin Center.

Step 1: Sign in to the Microsoft Intune Admin Center

Sign in to the Microsoft Intune Admin Center by opening your web browser to https://intune.microsoft.com.


Step 2: Create a LAPS Rule

In the left menu, click Endpoint security, then Account protection.

Create a rule for the Windows 10 and later platform with the Local admin password solution (Windows LAPS) profile.


Enable the options and set the values of your choice.
Unlike the MTR rule, which targeted the existing Admin account, this rule creates a new account whose name is a prefix (I chose laps-admin- here) followed by a random numeric suffix.


Assign the security group containing your Windows PC.



Step 3: Validate the new account

After a few minutes, the new account should be visible in the Computer Management window.


You can also validate by going to the Event Viewer and opening the Applications and Services Logs / Microsoft / Windows / LAPS directory.
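The same validation can be scripted. The following is an added example, not part of the original article: it assumes an elevated PowerShell session on the target PC and the laps-admin- prefix chosen above, and it checks that the account exists, is enabled, is in the built-in Administrators group, and that the LAPS log shows no recent errors.

```powershell
# Added example: validate the LAPS-managed account locally (run elevated).
# Assumption: 'laps-admin-' is the prefix set in the policy; adjust to yours.
$Prefix = 'laps-admin-'

# 1. Find local accounts starting with the prefix (the numeric suffix is random).
$accounts = @(Get-LocalUser -Name "$Prefix*" -ErrorAction SilentlyContinue)
if ($accounts.Count -eq 0) {
    Write-Warning "No local account starting with '$Prefix'. The policy may not have applied yet."
}
if ($accounts.Count -gt 1) {
    Write-Warning "More than one '$Prefix*' account found. Check for leftovers from earlier policies."
}

# 2. Read the built-in Administrators group by SID (S-1-5-32-544), so the
#    check also works on non-English Windows where the group name differs.
try {
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).SID.Value
} catch {
    # Get-LocalGroupMember can fail when the group contains members it
    # cannot resolve; report membership as unknown instead of guessing.
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $adminSids = $null
}

# 3. One summary row per matching account.
foreach ($a in $accounts) {
    [pscustomobject]@{
        Name            = $a.Name
        Enabled         = $a.Enabled
        PasswordLastSet = $a.PasswordLastSet
        IsLocalAdmin    = if ($null -eq $adminSids) { 'unknown' }
                          else { $adminSids -contains $a.SID.Value }
    }
}

# 4. Recent LAPS events; list only critical, error and warning entries.
$events = @(Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' `
    -MaxEvents 50 -ErrorAction SilentlyContinue)
$problems = @($events | Where-Object { $_.Level -in 1, 2, 3 })
"{0} recent LAPS events, {1} warning/error" -f $events.Count, $problems.Count
$problems | Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```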



Step 4: Access the password

I covered this step in the February 2025 article, check it out (the link is in the introduction).


Conclusion

You now know how to create a local administrator account with LAPS in Intune.



