Answer-first summary for fast verification
Answer: Local Administrator Password Solution (LAPS)
The Local Administrator Password Solution (LAPS) helps manage the local administrator passwords on Windows computers, ensuring that each machine has a unique, automatically managed local admin password. This reduces the risk of lateral movement in case one local admin account is compromised. The other options, like Azure AD Identity Protection, Azure AD Privileged Identity Management (PIM), and Privileged Access Workstations (PAWs), do not address the specific need for providing on-demand local admin access while mitigating ransomware risks as effectively as LAPS.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You manage an Azure Active Directory (Azure AD) tenant that is synchronized with an on-premises Active Directory Domain Services (AD DS) domain. The client computers in this environment run on Windows and are hybrid-joined to Azure AD. As part of your responsibilities, you are tasked with designing a strategy to protect these endpoints from ransomware attacks. Adhering to Microsoft Security Best Practices, one key aspect of your strategy is to remove all domain accounts from the Administrators groups on the Windows computers, thereby enhancing security. You need to recommend a solution that will allow users to gain administrative access to these Windows computers but only when it is absolutely necessary. The chosen solution should also aim to minimize the risk of ransomware spreading laterally if an administrator account on one of the computers is compromised. What solution would you recommend to achieve this goal?
A
Local Administrator Password Solution (LAPS)
B
Azure AD Identity Protection
C
Azure AD Privileged Identity Management (PIM)
D
Privileged Access Workstations (PAWs)
No comments yet.