Intune LAPS on macOS: Why Local Admin Passwords May Fail (and How to Fix It)

While implementing Intune LAPS for a local admin account on macOS, I ran into a strange issue.

When trying to leverage privileges, macOS showed only a trembling credentials window — the same behavior you see with an incorrect password.
But the password came directly from Intune LAPS, so it should have worked.

I verified the local account using dscl — everything was correct.

dscl . list /Users

dscl . -read /Users/<Account_name>

When I switched to this local admin account, macOS prompted me to reset the password, which clearly shows a mismatch between Intune LAPS and local password enforcement.

The issue was caused by a password-related compliance policy assigned to the device.

In my case, I had an active compliance policy that enforced password requirements on macOS.

LAPS does not work correctly if any compliance policy enforces password rules.

When I deleted it and once again enroll MacBook to Intune after wiping it LAPS starts work correctly.

The fix

1. Remove all compliance policies related to passwords
2. Wipe the MacBook
3. Re-enroll the device into Intune

Website created in the creator WebWave