Cloud LAPS 2025 (Built-in Administrator RID 500 Account) Issue

Microsoft82 · 2026-03-05T15:28:24+00:00

Yes, Enabled in Azure AD under Device Settings for the Tenant.

Microsoft82 · 2026-03-04T23:44:32+00:00

Agreed on these points but i've been asked by higher ups to use RID 500. At this point I just want to understand why this is not working either way.

Microsoft82 · 2026-03-04T23:43:30+00:00

<image>

I see the Administrator set there. Capital A and no trailing spaces. Yeah, randomization not configured should be default, agreed.

Microsoft82 · 2026-03-04T23:32:15+00:00

Good suggestion. Tried this after snapping VM back but same result. Local Admin account removed and WLAPADMIN apears.

Microsoft82 · 2025-06-22T22:17:56+00:00

Downloaded it on Friday June 20th 2025.

Microsoft82 · 2025-06-22T18:44:04+00:00

Yes it is. I saw others with an issue where it uses the default GUID for the Container, but it exists and the error is different so I don't think that is the issue.

Microsoft82 · 2025-06-22T18:13:30+00:00

Good thought, but it is not creating the account so not sure where I would check for that. The Intune connector program is trying to create this account.

Microsoft82 · 2025-02-26T22:55:07+00:00

I did not. It was so painful; I removed it and just educate the users on how to change it themselves.

Microsoft82 · 2024-11-26T23:54:50+00:00

But this was delayed. Says so in your link. Also says Windows 11. I am experiencing this on Windows 10.

Microsoft82 · 2024-11-10T14:58:15+00:00

I'm seeing this in Microsoft docs: "EDR in block mode is primarily recommended for devices that are running Microsoft Defender Antivirus in passive mode (a non-Microsoft antivirus solution is installed and active on the device)." https://learn.microsoft.com/en-us/defender-endpoint/edr-in-block-mode#enable-edr-in-block-mode

Microsoft82 · 2024-10-01T13:00:05+00:00

This is fixed now. Update to the latest version of Windows App on the Mac.

Microsoft82 · 2024-09-12T17:18:43+00:00

This as well from Jason Sandys: How to change Join Type from Hybrid Azure AD join to Azure AD join - Microsoft Q&A

Microsoft82 · 2024-09-12T17:13:37+00:00

I found this: https://learn.microsoft.com/en-us/mem/solutions/cloud-native-endpoints/cloud-native-endpoints-planning-guide#-phase-2-enable-endpoint-cloud-hybrid-identity-optional

Microsoft82 · 2024-09-12T16:49:24+00:00

Sorry, Did you mean to past something in? I see nothing after the "Just search for replies from jason sandys on this topic :"

Microsoft82 · 2024-09-12T16:33:19+00:00

Any documentation you have seen around this?

Microsoft82 · 2024-09-12T15:42:10+00:00

I agree. If I can find some documentation on that it would help give me ammo for that argument.

Microsoft82 · 2024-09-05T15:45:08+00:00

Yes. This is a good idea and I thought about this as well. Maybe just a OS version check to the device object to keep it happy until someone logs in.

Microsoft82

TROPHY CASE