In the world of Windows Autopilot, ensuring a seamless deployment is essential. One critical aspect often overlooked is the readiness of Windows LAPS (Local Administrator Password Solution) post-deployment. To guarantee a smooth LAPS experience, it's important to have the April 2023 Windows update installed. This article explores the importance of these updates and introduces a PowerShell script for hassle-free deployment.

For applying the policies of Windows LAPS, the April 2023 Windows updates need to be on the system. The policy state will display as "Not applicable" otherwise.

Windows LAPS policy not applicable


Unfortunately, manufacturers do not consistently include these updates on new machines. Addressing this, I've written a small PowerShell script capable of installing the required updates, specifically focusing on Windows 10 and Windows 11 devices.

Deploying this PowerShell script through Intune adds a layer of simplicity to the update process.
Here's a overview of the script:

# Install NuGet package provider and PSWindowsUpdate module
Install-PackageProvider -Name NuGet -Force
Install-Module PSWindowsUpdate -Force

# Get information about the Windows operating system
$WindowsInfo = Get-ComputerInfo | Select-Object OSName, OSVersion

# Check if the OS is Windows 10
if ($WindowsInfo.OSName -like "*10*") {
    # Display a message for Windows 10 update
    Write-Host "Windows 10 update for LAPS"
    # Install the specified update using its KB article ID
    Get-WindowsUpdate -Install -KBArticleID 'KB5025221'
} 
# Check if the OS is Windows 11
elseif ($WindowsInfo.OSName -like "*11*") {
    # Display a message for Windows 11 update
    Write-Host "Windows 11 update for LAPS"
    # Install the specified update using its KB article ID
    Get-WindowsUpdate -Install -KBArticleID 'KB5025239'
}


Code language: PowerShell (powershell)
Full script @GitHub

Proactively addressing the need for the April 2023 Windows updates, this script ensures that Windows LAPS is ready for action post-Autopilot deployment. Whether you're managing Windows 10 or Windows 11 devices, the script streamlines the update process, enhancing the security and functionality of your Windows environment.

In summary, optimizing your Windows Autopilot deployment extends beyond the initial setup. Ensuring Windows LAPS readiness through the April 2023 update is a crucial step in maintaining a secure and efficient IT infrastructure. With this PowerShell script and Intune, you can confidently navigate the post-Autopilot landscape, knowing that your devices are equipped with the latest updates for enhanced performance.

If you haven't set up Windows LAPS, I suggest you do so. Here's an article which descripts that process to you: Explore Insights and Updates on Windows LAPS Entra ID (scloud.work)

Leave a Reply

Your email address will not be published. Required fields are marked *

Florian Salzmann
Senior Workplace Consultant @UMB AG

Stay in the Loop with My Monthly Newsletter!