Entra ID (AzureAD) PAM-DC PAM-Laptop Mixed Example

Here is an example TechIDManager deployment for an MSP’s client that has one domain controller, five local computers wired, and two laptops.

You want to have unique domain accounts for each tech to access all the computers, and on the two laptops you want techs to use the local administrator account for possible offline access, and on one of the laptops you want additional unique accounts for just two of the techs. 

You deploy a PAM agent to the domain controller, and use the domain accounts to access all the computers, both wired and the laptops.

You deploy a LAPS agent to each of the two laptops to rotate the local Administrator password and make that accessible to a set of techs incase a tech needs access to one of those laptops and it is offline. 

For the Laptop where you want 2 techs to have unique accounts, you deploy a PAM agent to that laptop and setup groups and triplets to limit access. 

The total agent counts deployed in this example are:
3 PAM agent
2 LAPS agents

More deployment examples