What is LAPS?

LAPS is a system for managing local passwords on users’ workstations. This tool aims to ensure the confidentiality of data and reduce the risk in case of loss or theft of workstations.

What does LAPS provide?

LAPS provides security for workstations and the entire network by providing the following security features:

> Generation of a unique local administrator password per workstation

> Centralized storage of local administrator accounts on AD

> Blocking the risk of a lateral movement attack from a compromised workstation

> Centralized management of local administrator password expiration

Why is LAPS an opportunity?

If you have a single administrator password across all workstations and are concerned about the size of your attack surface:

> LAPS is integrated into the Windows system for free.

> Deployment and management of the tool is done on the existing AD infrastructure.

We can support you

Almond’s Infrastructure Security team has complete expertise in the service chain offered by Microsoft, from the workstation to the Azure Cloud, as well as in AD and Azure AD security issues.

Mastering LAPS deployment projects is part of our catalog of skills, and we can adapt to your context so that you can use the tool’s features in an optimized and secure manner.

What are the LAPS integration methods?

On-premise: deployment and control by local policy (GPO)

> Deploying local password policies

> Local passwords on AD controller

In the cloud: deployment and control on Microsoft Intune

> Solution not natively supported

> Development of a custom solution:

  • Password generation on Azure KeyVault
  • Deployment of local passwords with Intune
  • Logs on “Azure Application Insights”

What services do we provide?
