What is LAPS?
LAPS is a system for managing local passwords on users’ workstations. This tool aims to ensure data confidentiality and reduce the risk in case of loss or theft of workstations.
What does LAPS provide?
LAPS provides security for workstations and the entire network by providing the following security features:
- Generation of a unique local administrator password per workstation
- Centralized storage of local administrator accounts on AD
- Blocking the risk of a lateral movement attack from a compromised workstation
- Centralized management of local administrator password expiration
The benefits
LAPS is integrated into the Windows system for free.
Deployment and management of the tool is done on the existing AD infrastructure
WE CAN SUPPORT YOU
Almond’s Infrastructure Security team has complete expertise in the service chain offered by Microsoft, from the workstation to the Azure Cloud, as well as in AD and Azure AD security issues.
Mastering LAPS projects is part of our catalog of skills and we will be able to adapt to your context so that you can exploit the tool’s features in an optimized and secure manner.
What are the LAPS integration methods?
ON PREMISE
Deployment and control
by local strategy
IN THE CLOUD
Deployment and control
on Microsoft Intune
- Deploying local password policies
- Local passwords on AD controller
- Solution not natively supported
- Development of a custom solution:
- Password generation
on Azure KeyVault - Deployment of local passwords
with Intune Logs - on “Azure Application Insights“
- Password generation
Our services
