You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/devices/howto-windows-laps-with-azuread.md
+9-8Lines changed: 9 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -36,13 +36,15 @@ Azure AD support for LAPS includes the following capabilities:
36
36
-**Conditional Access policies for local administrator password recovery** - Configure Conditional Access policies on directory roles that have the authorization of password recovery.
37
37
38
38
> [!NOTE]
39
-
> Devices that are workplace-joined (WPJ) are not supported by Intune for LAPS.
39
+
> Windows LAPS with Azure AD is not supported for Windows devices that are [Azure AD registered](https://learn.microsoft.com/azure/active-directory/devices/concept-azure-ad-register).
40
40
41
41
To learn about Windows LAPS in more detail, start with the following articles in the Windows documentation:
42
42
43
43
-[What is Windows LAPS?](https://learn.microsoft.com/windows-server/identity/laps/laps-scenarios-azure-active-directory) – Introduction to Windows LAPS and the Windows LAPS documentation set.
44
44
-[Windows LAPS CSP](https://learn.microsoft.com/windows/client-management/mdm/laps-csp) – View the full details for LAPS settings and options. Intune policy for LAPS uses these settings to configure the LAPS CSP on devices.
45
45
-[Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/mem/intune/protect/windows-laps-overview)
46
+
-[Windows LAPS architecture](https://learn.microsoft.com/windows-server/identity/laps/laps-concepts#windows-laps-architecture)
47
+
46
48
47
49
## Requirements
48
50
@@ -123,16 +125,15 @@ To configure Conditional Access for local administartor passwrod recovery you wi
123
125
> [!NOTE]
124
126
> Other role types including administrative unit-scoped roles and custom roles aren't supported
125
127
126
-
**Licensing requirements**:
128
+
## Licensing requirements
127
129
128
-
-**Azure Active Directory subscription**
129
-
*Azure Active Directory Free*, when you are using basic Windows LAPS with Microsoft Entra (Azure AD) features such as enabling LAPS using device settings, storing encrypted local administrator password, password recovery and audit logsis the free version of Azure AD that’s included when you subscribe to Intune. With Azure AD Free, you can use all the features of LAPS.
130
-
*Azure Active Directory Premium*, when you are using premium experiences to improve security with capabilities such as Conditional Access, Custom Roles and Administrative Units
131
-
-**Intune subscription**
132
-
*Microsoft Intune Plan 1*, which is the basic Intune subscription. You can also use Windows LAPS with a free trial subscription for Intune.
130
+
### Azure Active Directory subscription
131
+
**Azure Active Directory Free**, when you are using basic Windows LAPS with Microsoft Entra (Azure AD) features such as enabling LAPS using device settings, storing encrypted local administrator password, password recovery and audit logsis the free version of Azure AD that’s included when you subscribe to Intune. With Azure AD Free, you can use all the features of LAPS.
132
+
**Azure Active Directory Premium**, when you are using premium experiences to improve security with capabilities such as Conditional Access, Custom Roles and Administrative Units
133
133
134
+
### Microsoft Intune subscription
135
+
**Microsoft Intune Plan 1**, which is the basic Intune subscription. You can also use Windows LAPS with a free trial subscription for Intune.
134
136
135
-
For information about Windows LAPS architecture, see [Key concepts in Windows LAPS](/windows-server/identity/laps/laps-concepts#windows-laps-architecture) in the Windows documentation.
0 commit comments