Jamf Nation Community

Identify whether you intend to use MDM LAPS or JAMF Framework LAPS or both . Ensure that the managed user account is not the same on UIE and Prestage Enrollment. 

LAPS will be enabled only on the New Enrollment, JAMF LAPS can't be enabled for the device which is already Enrolled 

I will be delving into this in our environment in the next few weeks, so I don't have experience to share yet. But I'm sharing some resources that I will be referring to:

There was a good talk at JNUC: Break Glass: How To Securely Administer Computers Using Jamf Pro LAPS. If you were there you can access it now; otherwise I believe it will be available for everyone next month: https://events.jnuc.jamf.com/widget/jamf/jnuc2024/sessioncatalog24/session/1714231330197001Zx7Y . I recommend that you watch this, they explain very well the differences between MDM LAPS and Jamf Framework LAPS, and depending on your situation one is likely better than the other. 

You also might want to take a look at this, it might be possible for you to enable LAPS on machines that are already enrolled: https://gist.github.com/talkingmoose/9f4638932df28c4bebde5dd47be1812a 

I did this a few months ago. The biggest takeaway is that if you currently use the extension attribute to do LAPS, back them up. The other really big take away is communication/document/training. It went really smoothly b/c I did these.