Combining LAPS and MakeMeAdmin in Intune
Question
Hi All,
Question
MakeMeAdmin vs Laps from Intune?
What do you choose?
MakeMeAdmin is kind of user-friendly and like client “PIM”
LAPS is Secure as every administrator has unique pods
But today, the local admin is disabled.
A combination, maybe? Enable laps and keep MakeMeAdmin for some users
Posted in Magnus PetterssonĀ in HTMD FB Group
Answers ( 2 )
Replied by Magnus Pettersson
Walter Baymax Fraser Does Pim work with local admin access?
Or do you mean PIM to actually see LAPS PWD for the device (device management role)
Replied by Lukas DeejayTechpro
A PIM (whichever is used, MS EPM or 3rd party) and LAPS serve two completely different purposes and should be used alongside.
Replied by Pavel Yannara Mirochnitchenko
Laps is MS, other is not
Replied by Darrell Shand
There is not too much risk where I work for users to have admin rights. My take is laps are there to change and rotate the local admin password to make it secure.
Replied by Magnus Pettersson
Forgot to mention that users, in general, do not have admin rights at all.
I don’t either, but some users need to, and MakeMeAdmin is better than the whole session.
From a security point of view, isn’t disabled admin better than enable and rotate pwd?
Replied by Walter Baymax Fraser
Magnus Pettersson, what about endpoint privilege manager for the users who need local admin for specific apps? Use that with LAPS (and PIM) to secure the role and local access to the devices.