deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

[BULK] - DocuTune - Rebranding of Azure Active Dir

Browse Source
This commit is contained in:
Alex Buck
2023-10-18 16:29:59 -04:00
parent 644bd14e3c
commit 1fec7fc03a
28 changed files with 115 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
windows/client-management/mdm/laps-csp.md
View File

@ -23,7 +23,7 @@ ms.topic: reference
The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings).
> [!NOTE]
> For more information on specific OS updates required to use the Windows LAPS CSP and associated features, plus the current status of the Azure Active Directory LAPS scenario, see [Windows LAPS availability and Azure AD LAPS public preview status](/windows-server/identity/laps/laps-overview#windows-laps-supported-platforms-and-azure-ad-laps-preview-status).
> For more information on specific OS updates required to use the Windows LAPS CSP and associated features, plus the current status of the Microsoft Entra LAPS scenario, see [Windows LAPS availability and Microsoft Entra LAPS public preview status](/windows-server/identity/laps/laps-overview#windows-laps-supported-platforms-and-azure-ad-laps-preview-status).
> [!TIP]
> This article covers the specific technical details of the LAPS CSP. For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps).
@ -449,7 +449,7 @@ Use this setting to configure which directory the local admin account password i
The allowable settings are:
0=Disabled (password won't be backed up)
1=Backup the password to Azure AD only
1=Backup the password to Microsoft Entra-only
2=Backup the password to Active Directory only.
If not specified, this setting will default to 0.
@ -475,7 +475,7 @@ If not specified, this setting will default to 0.
| Value | Description |
|:--|:--|
| 0 (Default) | Disabled (password won't be backed up). |
| 1 | Backup the password to Azure AD only. |
| 1 | Backup the password to Microsoft Entra-only. |
| 2 | Backup the password to Active Directory only. |
<!-- Device-Policies-BackupDirectory-AllowedValues-End -->
@ -506,7 +506,7 @@ Use this policy to configure the maximum password age of the managed local admin
If not specified, this setting will default to 30 days.
This setting has a minimum allowed value of 1 day when backing the password to on-premises Active Directory, and 7 days when backing the password to Azure AD.
This setting has a minimum allowed value of 1 day when backing the password to on-premises Active Directory, and 7 days when backing the password to Microsoft Entra ID.
This setting has a maximum allowed value of 365 days.
<!-- Device-Policies-PasswordAgeDays-Description-End -->
@ -806,7 +806,7 @@ This setting has a maximum allowed value of 24 hours.
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
## Settings Applicability
The LAPS CSP can be used to manage devices that are either joined to Azure AD or joined to both Azure AD and Active Directory (hybrid-joined). The LAPS CSP manages a mix of AAD-only and AD-only settings. The AD-only settings are only applicable for hybrid-joined devices, and then only when BackupDirectory is set to 2.
The LAPS CSP can be used to manage devices that are either joined to Microsoft Entra ID or joined to both Microsoft Entra ID and Active Directory (hybrid-joined). The LAPS CSP manages a mix of Microsoft Entra-only and AD-only settings. The AD-only settings are only applicable for hybrid-joined devices, and then only when BackupDirectory is set to 2.
| Setting name | Azure-joined | Hybrid-joined |
|-------------------------------------|--------------|---------------|
@ -828,9 +828,11 @@ The LAPS CSP can be used to manage devices that are either joined to Azure AD or
The following examples are provided to show the correct format and shouldn't be considered as a recommendation.
### Azure-joined device backing password up to Azure AD
<a name='azure-joined-device-backing-password-up-to-azure-ad'></a>
This example shows how to configure an Azure-joined device to back up its password to Azure Active Directory:
### Azure-joined device backing password up to Microsoft Entra ID
This example shows how to configure an Azure-joined device to back up its password to Microsoft Entra ID:
```xml
<SyncMl xmlns="SYNCML:SYNCML1.2">