Organizations are securing their workstations and servers by randomizing their Local Administrator account passwords and storing them in Azure AD using the new public preview of Microsoft’s “Windows Local Administrator Password Solution”.
Kaido Järvemets, a Microsoft MVP, has written a blog post about using Microsoft Sentinel to collect events from the new “Windows Local Administrator Password Solution”.
Windows Local Administrator Password Solution (LAPS) is a crucial security feature that helps organizations manage local administrator passwords for their domain-joined computers. In this blog post, we will explore how to create Data Collection Rules (DCRs) for Sentinel that will collect LAPS events from your environment.
Before you continue, read my previous blog posts:
- Introducing the New and Improved Windows LAPS: Local Administrator Password Solution (kaidojarvemets.com)
- Windows LAPS PowerShell Commands (kaidojarvemets.com)
- Windows LAPS EventIDs and XPath Queries (kaidojarvemets.com)
- Windows LAPS – New Group Policy Settings (kaidojarvemets.com)
…
Read the entire blog post here:
- Monitor Windows LAPS Events with Microsoft Sentinel
https://www.kaidojarvemets.com/monitor-windows-laps-events-with-microsoft-sentinel/