Jamf

This article will show you how to check if MDM LAPS has been enabled on a Jamf Pro instance utilizing the Jamf Pro API and GUI.

Checking if MDM LAPS is Enabled on Jamf Pro version 11.4 or earlier 

Go to <a href="https://name.jamfcloud.com/api" rel="nofollow noopener noreferrer" target="_blank">https://NAME.jamfcloud.com/api</a> in a web browser.

Towards the top of the page enter a Username and Password (with the necessary privileges) to authorize and generate tokens.

Scroll down to the endpoint named local-admin-password and click on it to expand it.

Click on the GET /v2/local-admin-password/settings to expand it.

In the response body, if the <code>autoDeployEnabled</code> is set to <code>true</code> then MDM LAPS is enabled.

1. Go to <a href="https://name.jamfcloud.com/api" rel="nofollow noopener noreferrer" target="_blank">https://NAME.jamfcloud.com/api</a> in a web browser.
2. Click on Jamf Pro API.
3. Towards the top of the page enter a Username and Password (with the necessary privileges) to authorize and generate tokens.
4. Scroll down to the endpoint named local-admin-password and click on it to expand it.
5. Click on the GET /v2/local-admin-password/settings to expand it.
6. Click Try it out.
7. Click Execute. 
8. In the response body, if the <code>autoDeployEnabled</code> is set to <code>true</code> then MDM LAPS is enabled.

Checking if MDM LAPS is Enabled on Jamf Pro version 11.5 or later 

This information can now be verified in Settings &gt; Computer management &gt; Security. The available settings at this page are as follows:

- When you select the checkbox, LAPS password management is enabled for managed local administrator accounts created via PreStage enrollment (MDM LAPS). 
 - This applies to an MDM-created managed local administrator account on both newly enrolled computers and previously enrolled computers.
- The password for the account will be randomized the next time the computer submits inventory to Jamf Pro. 
- When the managed local administrator account password is randomized and managed by LAPS, the global settings for password rotation will apply to the account. The account will remain managed by LAPS, even when the checkbox is deselected.
- When you deselect the checkbox, passwords for managed local administrator accounts on newly enrolled computers created via PreStage enrollment will not have their passwords randomized and managed by LAPS.

- Choose how often to automatically rotate passwords for managed local administrator accounts. The default value is "Never". This is equivalent to setting <code>autoDeployEnabled</code> to <code>false</code> in the Jamf Pro API.

- Choose how often to automatically rotate passwords for managed local administrator accounts after they are viewed.

- Enable LAPS for PreStage accounts
 - When you select the checkbox, LAPS password management is enabled for managed local administrator accounts created via PreStage enrollment (MDM LAPS). 
 - This applies to an MDM-created managed local administrator account on both newly enrolled computers and previously enrolled computers.
 - The password for the account will be randomized the next time the computer submits inventory to Jamf Pro. 
 - When the managed local administrator account password is randomized and managed by LAPS, the global settings for password rotation will apply to the account. The account will remain managed by LAPS, even when the checkbox is deselected.
 - When you deselect the checkbox, passwords for managed local administrator accounts on newly enrolled computers created via PreStage enrollment will not have their passwords randomized and managed by LAPS. 
- Rotation interval
 - Choose how often to automatically rotate passwords for managed local administrator accounts. The default value is "Never". This is equivalent to setting <code>autoDeployEnabled</code> to <code>false</code> in the Jamf Pro API. 
- Rotation after viewing interval
 - Choose how often to automatically rotate passwords for managed local administrator accounts after they are viewed.

Jamf does not recommend using MDM LAPS for password rotation if the account needs to use FileVault or authorize software updates on computers with Apple silicon. 

Rotating a managed local administrator account password from the PreStage enrollment that has become cryptographically enabled with a secure token will result in the login password being changed. However, the new password will not work for cryptographic user authentication purposes.

<a href="https://learn.jamf.com/en-US/bundle/technical-paper-laps-current/page/Local_Administrator_Password_Solution.html" rel="nofollow noopener noreferrer" target="_blank">Technical Paper: Local Administrator Password Solution for Jamf Pro</a>

- <a href="https://learn.jamf.com/en-US/bundle/technical-paper-laps-current/page/Local_Administrator_Password_Solution.html" rel="nofollow noopener noreferrer" target="_blank">Technical Paper: Local Administrator Password Solution for Jamf Pro</a>

Utilize the API and GUI to see if MDM LAPS is enabled for a Jamf Pro instance

Create a custom design with text, images, and links

Community

Training

Login

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Utilize the API and GUI to see if MDM LAPS is enabled for a Jamf Pro instance

Description

Checking if MDM LAPS is Enabled on Jamf Pro version 11.4 or earlier

Checking if MDM LAPS is Enabled on Jamf Pro version 11.5 or later

More Resources