LAPS Encryption Issues

Evan 0 Reputation points
2025-07-25T20:13:24.27+00:00

Good afternoon!

I am not sure if this is an Intune issue or an Active Directory issue, but we are working towards implementing LAPS through Intune, and at the moment LAPS is working through AD but not through Intune. However, the LAPS passwords reset every hour, GPUpdate, or restart of the machine. When we check the logs we get this error:

The managed account password needs to be updated due to one or more reasons (0x4200):

The policy is configured for password encryption but the encrypted password attribute was not found

The password version identifier stored in Active Directory does not match the locally stored version

We've checked to make sure we have the correct group policy applied to this system and all systems both for the AD side and the Intune side. We have enabled encryption for both policies but this issue still persists. Any ideas or help would be appreciated!


1 answer

  1. Rahul Jindal 11,166 Reputation points
    2025-07-25T20:49:30.93+00:00

    Why use both? GPO is most likely taking precedence. Use cloud LAPS implemented through Intune only.

    #notanAIgeneratedresponse

