This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 40%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Hi,
We just begin to migrate from Legacy LAPS to Windows LAPS and we choose to store password on Entra ID.
With LAPS Legacy we could set password expiration time, while with passwords on Entra ID it seems we can just rotate according to our policy. Is there a way to set custom password expiration time?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Cicindela31
You can use the following command :
Set-LapsADPasswordExpirationTime -Identity MachineName -WhenEffective (Get-Date -Date "07/04/2024 12:00:00")
To get more details about this Powershell command please read the following article:
Set-LapsADPasswordExpirationTime
Please don't forget to accept helpful answer
Hi,
Thanks for the answer but documentation for set-LapsADPasswordExpirationTime says it works only for local AD, in my situation passwords are stored in Entra ID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Castagnet judicael,Thanks for posting Q&A.
From your description, I know that you want to set custom password expiration time when using Windows LAPS.
Based on my researching, I find that you can custom password expiration time in Intune. You can configure Password Age Days in Endpoint security > Account protection > Windows 10 and later as Platform, Local admin password solution (Windows LAPS) as Profile > Configuration settings.
Hope above information can be helpful.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi, thanks for answer but i have already set up CSP from intune, what i want is like Legacy LAPS did: set punctually a password expiration time : for exemple a user who wants local admin acces to his computer for 3 days so i set password expiration time 3 days later
@Castagnet judicael,Thanks for your update.
Based on my research, there are no related settings in Intune that can set password expiration time, and Windows LAPS policy in Intune will rotate the password instead of letting the password expire.
If you want Intune to implement this feature, you can submit your feedback to Intune.
https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472
Thanks for your kind understanding.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 68%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Hi,
I want to have the automatic ability to have the password rotated every 2 hours or every hour and not minimum 7 days as per the policy for Azure AD.
is this possible?
if yes, how ?
thanks