How to enable LSA Protectedmode with Microsoft Intune. Empower your device management strategy with Microsoft Intune as we guide you through the process of enabling LSA Protectedmode. Gain control and streamline your Windows environment effortlessly. Let’s dive in!
Table of Contents
What is LSA Protectedmode
LSA Protected Mode, or Local Security Authority Protected Mode, is a security feature that enhances the protection of sensitive information in Windows environments. Enabling LSA Protected Mode through Microsoft Intune adds an extra layer of defense against credential theft and unauthorized access. This feature safeguards the Local Security Authority Subsystem Service (LSASS) process, which manages security policies on a Windows system. By enabling LSA Protected Mode, potential vulnerabilities in the LSASS process are mitigated, reducing the risk of credential-based attacks. This proactive measure is essential for maintaining a secure computing environment, especially in enterprise settings where safeguarding user credentials and system integrity is paramount. The integration of LSA Protected Mode through Microsoft Intune aligns with modern security best practices, contributing to a robust defense strategy against evolving cyber threats.
What are we going to set up?
In this blog post we will show you, How to enable LSA Protectedmode with Microsoft Intune. We are going to create a configuration profile in Intune and configure the LSA settings.
Create Configuration Profile
In this step we are going to create a configuration profile in Microsoft Intune and deploy the policy to the users or devices. Just follow these steps:
- Go to intune.microsoft.com
- Click on Devices
- Click on Windows
- Click on Configuration profiles
- Click on Create and New Policy
- Select the Platform Windows 10 and later
- Select the Profile type Templates
- Click on Custom
- Click on Create
- Give a Name and Description (optional) to the profile.
- Click on Next
- Click on Add
Now we need to enter the custom OMA-URI settings. Just enter the following:
- Name: Configure LSA Protected Process
- Description (Optional)
- OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalSecurityAuthority/ConfigureLsaProtectedProcess
- Data type: Integer
- Value: 1
When you have finished the configuration click on Next.
- On the Assignments tab, add the groups or all users/devices. Click on Next.
- On the Applicability Rules tab, add the rule you want if applicable. Click on Next.
- On the Review + create tab click on Create
Congratulations! You have successfully deployed the policy.
Conclusion
You learned how to enable LSA Protectedmode with Microsoft Intune. We used the configuration profiles in Microsoft Intune to configure the LSA settings with custom OMA-URI.
Did you enjoy this article? Dont forget to follow us and share this article.
