Serverless LAPS powered by Microsoft Intune, Azure Functions and Azure Key Vault!

For more information how to implement this solution, please refer to my blog post at https://www.srdn.io/2018/09/serverless-laps-powered-by-microsoft-intune-azure-functions-and-azure-key-vault

An HTTP-triggered Azure Function written in PowerShell, to be used with the Serverless LAPS | Intune, Azure Functions & Key vault | New-LocalAdmin PowerShell script. It generates a random password, creates or updates a secret in an Azure key vault with that password, and returns the password in the output stream.

This function can be triggered using a POST method, containing, for example, the following request body:

{
    "keyName": "TEST-PC01",
    "contentType": "Local Administrator Credentials",
    "tags": {
        "Username": "localadmin"
    }
}

The function uses a Managed Service Identity to authenticate with an Azure key vault.
Below are the steps executed by this function:
  1. Retrieves an Azure Key Vault Access Token using the Function's Managed Service Identity
  2. Uses the Azure Key Vault Access Token to create an Authentication Header
  3. Generates a random password
  4. Sets a secret (keyName) in Azure Key Vault, including the random password and the optional contentType and tags provided in the request body.
  5. Returns the randomly generated password as Function Output, used by the New-LocalAdmin.ps1 script to create a Local Administrator account.
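
The five steps above, worked through as an added illustrative script (not the gallery's own function code). It assumes the Azure Functions v1 PowerShell conventions of reading the request body from the file at $req and writing the response to $res, the App Service MSI endpoint variables MSI_ENDPOINT and MSI_SECRET, and a hypothetical KeyVaultName app setting naming the vault:

```powershell
# Added example, not the published function. Assumes Functions v1 PowerShell ($req/$res),
# the App Service MSI endpoint, and a KeyVaultName app setting (hypothetical name).
$body = Get-Content $req -Raw | ConvertFrom-Json
if (-not $body.keyName) { throw "keyName is required in the request body" }

# Step 1: get a Key Vault access token from the Function's Managed Service Identity
$tokenUri = "$($env:MSI_ENDPOINT)?resource=https://vault.azure.net&api-version=2017-09-01"
$token = (Invoke-RestMethod -Method Get -Uri $tokenUri -Headers @{ Secret = $env:MSI_SECRET }).access_token

# Step 2: build the authentication header for the Key Vault REST API
$authHeader = @{ Authorization = "Bearer $token"; 'Content-Type' = 'application/json' }

# Step 3: generate the password from a cryptographic RNG (Get-Random is not suitable for secrets)
function New-RandomPassword {
    param([int]$Length = 20)
    # ambiguous characters (l, I, O, 0, 1) left out so the password is easy to transcribe
    $chars = [char[]]'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*-_=+'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $chars.Length)   # rejection bound, avoids modulo bias
    $sb    = New-Object System.Text.StringBuilder
    $buf   = New-Object byte[] 1
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($chars[$buf[0] % $chars.Length]) }
    }
    $rng.Dispose()
    $sb.ToString()
}
$password = New-RandomPassword

# Step 4: create or update the secret named keyName; contentType and tags are optional
$secret = @{ value = $password }
if ($body.contentType) { $secret.contentType = $body.contentType }
if ($body.tags)        { $secret.tags        = $body.tags }
$secretUri = "https://$($env:KeyVaultName).vault.azure.net/secrets/$($body.keyName)?api-version=7.0"
Invoke-RestMethod -Method Put -Uri $secretUri -Headers $authHeader `
    -Body ($secret | ConvertTo-Json -Depth 5) | Out-Null

# Step 5: return the password as the function output for New-LocalAdmin.ps1
Out-File -Encoding Ascii -FilePath $res -InputObject $password
```

Because the password is both stored in Key Vault and returned over HTTPS to the caller, the function key and the vault's access policy are the two controls that decide who can obtain it.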

For information on how to use