Windows LAPS is Now Natively Integrated on Windows 11, Windows 10, and Windows Server


Microsoft’s new Windows Local Administrator Password Solution (LAPS) is now natively integrated into Windows 11, Windows 10, and Windows Server. Windows LAPS lets IT Pros secure local administrator accounts on Windows devices, and it supports on-premises Active Directory and Azure Active Directory scenarios. 

With the release of the April 2023 Patch Tuesday updates yesterday, Windows LAPS is now an inbox feature that will be updated via the normal Windows patching process. The existing Microsoft security product known as Local Administrator Password Solution (LAPS), which is an optional download, continues to exist but Microsoft now refers to it as “Legacy LAPS.” 

Windows LAPS brings new features for on-premises AD and Azure AD scenarios

The native version of Windows LAPS adds support for password encryption, password history, and automatic password rotation. Windows LAPS also adds Directory Services Restore Mode (DSRM) backups to improve the security of domain controllers.

Windows LAPS supports rich policy management via both Group Policy and Configuration Service Provider (CSP), and a new PowerShell module also gives IT pros better password management capabilities. Additionally, Windows LAPS adds support for hybrid-joined devices. 

The new PowerShell module for Windows LAPS
The new PowerShell module for Windows LAPS (image credit: Microsoft)

If you’re not ready yet to migrate over to the new features, Windows LAPS also offers an emulation mode. “We do strongly recommend adopting the new features in order to take advantage of the new security improvements,” Microsoft explained yesterday on the Windows IT Pro blog. “Doing this will be much more secure for these sensitive passwords, especially when stored in Active Directory with encryption enabled, or in Azure AD.”

Windows LAPS support for Azure Active Directory in private preview 

The new LAPS scenario in Azure Active Directory, which is currently in private preview, will give IT pros more options for managing passwords in the cloud. New capabilities include Azure management portal support for retrieving and rotating passwords, as well as Azure role-based access control (Azure RBAC) policies for authoring authorization policies for password retrieval.

Microsoft said yesterday that LAPS support for Azure Active Directory will enter public preview “later this quarter.” The company said that making LAPS a native Windows feature was a popular request, and it’s inviting organizations to use the new feature in their existing deployment. You can also read our detailed guide explaining how to configure Windows LAPS in an Active Directory scenario.