162: Account protection
Overview
Account protection in Microsoft Intune's endpoint security is designed to protect user identities and manage local group memberships on Windows devices. It includes:
- Windows Hello for Business: Enhances security by replacing passwords with strong two-factor authentication using biometrics or PINs.
- Credential Guard: Uses virtualization-based security to isolate and protect credentials from theft.
- Local Admin Password Solution (LAPS): Manages a single local administrator account per device, enforcing password requirements and backing up credentials to Active Directory or Microsoft Entra.
- Local Group Management: Add, remove, or replace members of built-in local groups, such as the Administrators group, ensuring only authorized users have elevated privileges