Without leveraging a 3rd party utility like JumpCloud or NoMaD (now JAMF Connect) synchronizing passwords on MacOS with a centralized identity provider has always been a pain point let alone leveraging a rotating local admin password similar to LAPS. In one of my previous posts, I discussed Intune for MacOS and How It’s Different where I highlighted that unlike other MDM providers Intune does not create a managed admin account on MacOS.
Always approach information you find outside (or inside for that matter) official documentation with skepticism and follow the golden rule: Never test in production. As the name suggests, these accounts are based on experiences I’ve had in my own lab. Disclaimer: This blog ( and this post especially) is not intended to be advice on how to manage your environment.