Configuring Local Group Policies using Intune

Musab Ghannaj 1 Reputation point


I have a pure cloud Azure AD and some devices are enrolled to Intune using AutoPilot, I was trying to configure the Password Policies in GPO using Intune. The policies that I need to configure using Intune such as (Enforce Password Policy, Maximum Password Age, Minimum Password Age, Maximum Password Length ... etc) I was not able to resolve what I need using the ready administrative templates in Configuration Profile.

After all the searches that I went through, I think I have to do this using ADMX and editing the needed Registry Keys. I don't have much knowledge of ADMX do I need to have LAPS tool installed on devices first? and I don't really know where to edit the needed registry keys, I tried this: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd] I added AdmPwd manually.

Any positive ideas how to edit these local group policies using Intune?

Thank you

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,069 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,724 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,411 Reputation points MVP

    Azure LAPS replaces on-prem LAPS, you don't need to install any clients but update your OS and LAPS will be there built-in. Then you need just to enable AzureAD to use local admin password feature and do new policy under Endpoint Security for LAPS behavior.

    0 comments No comments

  2. Simon Ren-MSFT 31,911 Reputation points Microsoft Vendor


    Thank you for posting in Microsoft Q&A forum.

    You can use LASP or CSP to deploy password policy to clients via Intune. For more details, please refer to:

    Using Microsoft Intune for Local Administrator Password Management

    Policy CSP - DeviceLock

    Deploy OMA-URIs to target a CSP through Intune, and a comparison to on-premises

    Thanks for your time. Have a nice day!

    Best regards,


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Simon Ren-MSFT 31,911 Reputation points Microsoft Vendor


    Hope everything goes well. Do you need any further assistance about this issue? If yes, please feel free to let us know, we will do our best to help you.

    If the response is helpful, it's appreciated that you could click "Accept Answer" and upvote it, this will help other users to search for useful information more quickly.

    Thanks for your time.

    Best regards,


    0 comments No comments