Windows LAPS Azure AD and Administrative Units

Niklas Tinner
Apr 28

--

If you are looking for a way to granularly control access to LAPS local admin passwords, you should consider Azure Administrative Units.

How it works

You can collect users, groups and devices into a virtual container, called Administrative Unit (AU).

Membership election can be assigned, but also Dynamic User/Device.

Administrative Unit

Here you can add Roles and administrators. All these assignments are only effective for the users, groups and devices in the Administrative Unit.

Roles and administrators

Now for example a Cloud Device Administrator in AU Switzerland can only retrieve the LAPS password for the Devices which are in the AU Switzerland.

Windows Laps
Azure Ad

--

--

Niklas Tinner

Written by Niklas Tinner

11 Followers

https://oceanleaf.ch/ | #EnterpriseMobility #Security #MEM #ModernWorkplace

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams