Combining LAPS and MakeMeAdmin in Intune


Hi All,

MakeMeAdmin vs Laps from Intune?
What do you choose?
MakeMeAdmin is kind of user-friendly and like client “PIM”
LAPS is Secure as every administrator has unique pods
But today, the local admin is disabled.
A combination, maybe? Enable laps and keep MakeMeAdmin for some users
Posted in Magnus PetterssonĀ  in HTMD FB Group

Answers ( 2 )

  1. Replied by Magnus Pettersson

    Walter Baymax Fraser Does Pim work with local admin access?
    Or do you mean PIM to actually see LAPS PWD for the device (device management role)

    Replied by Lukas DeejayTechpro

    A PIM (whichever is used, MS EPM or 3rd party) and LAPS serve two completely different purposes and should be used alongside.

    Replied by Pavel Yannara Mirochnitchenko

    Laps is MS, other is not

  2. Replied by Darrell Shand

    There is not too much risk where I work for users to have admin rights. My take is laps are there to change and rotate the local admin password to make it secure.

    Replied by Magnus Pettersson

    Forgot to mention that users, in general, do not have admin rights at all.
    I don’t either, but some users need to, and MakeMeAdmin is better than the whole session.
    From a security point of view, isn’t disabled admin better than enable and rotate pwd?

    Replied by Walter Baymax Fraser

    Magnus Pettersson, what about endpoint privilege manager for the users who need local admin for specific apps? Use that with LAPS (and PIM) to secure the role and local access to the devices.

Leave an answer

Sorry, you do not have permission to answer to this question .