Скачать или смотреть Configure Windows LAPS in Intune

Configuring Windows LAPS in Intune is pretty easy and good if you want unique passwords for local (admin) accounts on your devices.
We start by creating a location account with the help of PowerShell. We use Intune to ensure that this account is a local administrator and end with configuring LAPS so the password for the created account is unique per device and rotating password every 7 days. The password is 24 characters in length and has complexity requirements. The password is securely stored in Entra ID.

PowerShell scripts mentioned in the video:
CheckForJBNAdminAccountDetection.ps1
Detection script if JBNAdmin local account exists

if ((Get-LocalUser).Name -contains "JBNAdmin")
{
write-host "All is good, account is there"
exit 0
}
else
{
write-host "account is missing"
exit 1
}



##CheckForJBNAdminAccountRemediation.ps1
Creating JBNAdmin local user
New-LocalUser -Name JBNAdmin -Description "JBN Local Admin account" -NoPassword


Chapters
00:00:00 Introduction
00:04:43 Create a local account with Remediation Scripts
00:18:10 Add local accounts to the local administrator group with Intune
00:20:30 Configure Windows LAPS in Intune
00:25:54 Verify the settings work
00:32:43 Outro