I have configured LAPS in Intune and it's working, but I need every team manager to have access to his team's local password. Rather than each user contacting the IT team, they get their local password from their manager. How can we do that? Does anyone have an idea about it?

Muhammad Zeeshan 100 Reputation points
2023-11-17T10:02:02.9033333+00:00

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

3 answers

  1. Nick Eckermann 466 Reputation points
    2023-11-17T16:50:32.32+00:00

    If local admin is something the end users need often, then you should likely look for a better approach like Endpoint Privilege Management. https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview

    Otherwise, you would need to build out Admin units and roles to support this and I am not sure LAPS would be available for scoping yet.

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create


  2. JatinMakhija 971 Reputation points
    2023-11-18T08:55:39.3466667+00:00

    We are using a custom Entra PIM role for users/admins who want to view the LAPS password. Assign this custom PIM role to the team manager. I have not explored if you can target specific devices yet. When they want to view the local admin password, they can simply elevate to this custom PIM role:

    https://cloudinfra.net/implement-laps-with-intune-a-comprehensive-guide/#2-create-a-custom-azure-ad-role

    --please don't forget to Accept as answer if the reply is helpful--


  3. Muhammad Zeeshan 100 Reputation points
    2023-11-20T07:17:03.17+00:00

    I want only the team manager to be able to access his team's local passwords. I think a custom role will not work for this case. Any other options?

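The administrative unit and custom role approach suggested in the first answer, written out with Microsoft Graph PowerShell as an added example that is not part of the original thread. The UPN, device names and display names are constructed placeholders, and it assumes the tenant allows a custom role carrying the LAPS read actions to be assigned at administrative-unit scope, which the answers leave unconfirmed.

```powershell
# Added example: limit LAPS password recovery to one team's devices.
# All names below are constructed placeholders, not values from the thread.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
    'RoleManagement.ReadWrite.Directory', 'Device.Read.All', 'User.Read.All'

$managerUpn      = 'manager.teama@contoso.example'   # placeholder
$teamDeviceNames = @('TEAMA-PC01', 'TEAMA-PC02')     # placeholder

# 1. Administrative unit that contains only this team's device objects.
$au = New-MgDirectoryAdministrativeUnit -DisplayName 'Team A devices' `
    -Description 'Scope for Team A LAPS password recovery'

foreach ($name in $teamDeviceNames) {
    $device = @(Get-MgDevice -Filter "displayName eq '$name'")
    # Display names are not unique; skip anything ambiguous instead of guessing.
    if ($device.Count -ne 1) {
        Write-Warning "Skipping '$name': found $($device.Count) device objects"
        continue
    }
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/devices/$($device[0].Id)"
    }
}

# 2. Custom role that carries only the two LAPS read actions (least privilege).
$role = New-MgRoleManagementDirectoryRoleDefinition -BodyParameter @{
    displayName     = 'LAPS Password Reader (Team A)'
    description     = 'Read Windows LAPS metadata and passwords'
    isEnabled       = $true
    rolePermissions = @(@{
        allowedResourceActions = @(
            'microsoft.directory/deviceLocalCredentials/standard/read',
            'microsoft.directory/deviceLocalCredentials/password/read')
    })
}

# 3. Assign the role to the manager, scoped to the administrative unit
#    rather than to the whole directory ('/').
$manager = Get-MgUser -UserId $managerUpn
New-MgRoleManagementDirectoryRoleAssignment -BodyParameter @{
    principalId      = $manager.Id
    roleDefinitionId = $role.Id
    directoryScopeId = "/administrativeUnits/$($au.Id)"
}
```

Repeating the three steps per team gives each manager their own scope; the same role definition can be reused across administrative units, so only steps 1 and 3 change.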