Security Recommendations for LAPS are outdated

ADM-Griffin2, Jay 151 Reputation points
2023-06-28T10:54:09.08+00:00

These recommendations in the Microsoft Secure Score seems to be ignoring the new Windows LAPS and looking at the old LAPS. When we changed over to the Windows LAPS, these recommendations started getting flagged. I thought Microsoft would eventually change them over, but they haven't yet.

Enable Local Admin password management

Remediation -- pointing to the old GPO settings....

Option 1 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\LAPS\Enable Local Admin Password Management
To the following value: Enable

Option 2 - Set the following registry value:
HKLM\SOFTWARE\Policies\Microsoft Services\AdmPwd\AdmPwdEnabled
To the following REG_DWORD value: 1

These appear to be the OLD GPO settings, not the new Windows LAPS.

I have Windows LAPS working and my Secure Score is still being flagged for this recommendation.

Protect and manage local admin passwords with Microsoft LAPS

This recommendation directs you to download the old LAPS client.

Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

4 answers

Sort by: Most helpful
  1. Michele Ariis 2,040 Reputation points MVP
    2023-07-11T12:15:21.42+00:00

    I also have the same problem

    1 person found this answer helpful.

  2. Thomas Starkey 0 Reputation points
    2024-05-10T12:25:02.1766667+00:00

    Same issue here. Anyone got any update on bypassing this?

    0 comments No comments

  3. Michele Ariis 2,040 Reputation points MVP
    2024-10-01T10:02:29.06+00:00

    any news on this issue?

    0 comments No comments

  4. Dimitris Komodromos 46 Reputation points
    2024-11-13T14:16:07.0633333+00:00

    Same issue here . Microsoft should update defender to check also for windows LAPS

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.