This is how to activate and use Windows LAPS in Microsoft Entra
Many organizations use local administrator accounts on workstations and servers to perform management activities. The problem is that these accounts often have static passwords that are rarely changed, which can compromise organizational security. One possible solution to this is to implement Local Administrator Password Solution (LAPS).
LAPS is a tool from Microsoft that automates and improves the management of local administrator accounts. With LAPS, each workstation or server can automatically generate a unique password for the local administrator account and store it in Azure Active Directory. This password is automatically changed at a predetermined interval, improving organizational security.
To display the local administrator password for a Windows device that is joined to Azure AD, you must be granted the DeviceLocalCredential.Read.All permission and assigned one of the following roles:
Cloud device administrator
Intune service administrator
Global administrator
Microsoft's minimum system requirements to use LAPS
Windows 10 20H2 or later
Windows 11 21H2 or later
Windows Server 2019 or later
This is the Windows Local Administrator Password Solution within Microsoft Entra (Azure AD)
Navigate to: https://endpoint.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu/~/accountprotection
Under LAPS, select Backup Directory
Choose whether to activate LAPS for a group, a list of users, or devices.
Then go to Device Settings to activate Local Administrator Settings (LAPS)
Finally, activate LAPS within Device Settings in Azure Active Directory.
Navigate to: https://portal.azure.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/DeviceSettings/menuId~/null and activate LAPS at the bottom.
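Once LAPS is activated, one way to confirm that devices really are backing up and rotating their passwords is to audit the backup metadata that Microsoft Graph keeps per device (the deviceLocalCredentialInfo fields deviceName, lastBackupDateTime and refreshDateTime). The Python below is an added example, not part of the original article or Microsoft's tooling; the sample response, the device names, the expected-device list and the 30-day maximum age are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the metadata returned by
# GET https://graph.microsoft.com/v1.0/directory/deviceLocalCredentials
# (no passwords are included in this listing).
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001", "deviceName": "WS-001",
   "lastBackupDateTime": "2024-05-20T08:00:00Z",
   "refreshDateTime": "2024-06-19T08:00:00Z"},
  {"id": "00000000-0000-0000-0000-000000000002", "deviceName": "WS-002",
   "lastBackupDateTime": "2024-02-01T08:00:00.1234567Z",
   "refreshDateTime": "2024-03-02T08:00:00Z"}
]}
""")


def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp, ignoring fractional seconds."""
    trimmed = value.rstrip("Z").split(".")[0]
    return datetime.strptime(trimmed, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_laps_backups(response, expected_devices, now, max_age_days=30):
    """Sort expected devices into ok / stale / missing by LAPS backup metadata."""
    records = {r["deviceName"].upper(): r for r in response.get("value", [])}
    report = {"ok": [], "stale": [], "missing": []}
    for name in expected_devices:
        record = records.get(name.upper())
        if record is None:
            # No password has ever been backed up: policy not applied or failing.
            report["missing"].append(name)
            continue
        age = now - parse_ts(record["lastBackupDateTime"])
        overdue = parse_ts(record["refreshDateTime"]) < now
        if age > timedelta(days=max_age_days) or overdue:
            report["stale"].append(name)
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    print(audit_laps_backups(SAMPLE_RESPONSE, ["WS-001", "WS-002", "WS-003"], now))
```

Devices reported as missing or stale are the ones to investigate first, since their local administrator password is either not managed by LAPS or has not rotated on schedule.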