Posted by: kurtsh | May 3, 2023

HOWTO: Monitor Windows LAPS Events with Microsoft Sentinel

Organizations are securing their workstation & servers by randomizing their Local Administrator account passwords & storing them in Azure AD using the new public preview of Microsoft’s “Windows Local Administrator Password Solution”.

Kaido Järvemets, a Microsoft MVP has written a blog about using Microsoft Sentinel to collect events from the new “Windows Local Administrator Password Solution”.

imageWindows Local Administrator Password Solution (LAPS) is a crucial security feature that helps organizations manage local administrator passwords for their domain-joined computers. In this blog post, we will explore how to create Data Collection Rules (DCRs) for Sentinel that will collect LAPS events from your environment.

Before you continue read my previous blog posts:

Read the entire blog post here:


%d bloggers like this: