Options for Entra joined, LAPS enabled clients

[Aeternus]

Hello,

I recently started labing out a scenario using an on-prem AD joined VBR server backing up local domain joined servers as well as off-domain, Entra joined Windows 11 workstations with LAPS management enabled.

Obviously, this hit the wall regarding local account access by a domain joined VBR instance and I did find the support article about using the built-in local admin. However, that account is having it's password managed via LAPS and so isn't exactly a static account.

Are there any good options for this scenario currently?

P.S. I did try the LocalAccountTokenFilterPolicyData reg hack to no success.

[Aeternus]

Interesting aside...

I have 2 Windows 11 Ent PCs, both fresh built from the same media, joined to Entra/Intune and assigned the same config/policies, and no connection to AD.
Both are set up in VBR with identical local accounts configured and applied in VBR.
One is a laptop, the other a desktop.
Initially, neither backup worked, failing in the same ADMIN$ access denied.
I was testing on the desktop in regard to the reg key hack and other adjustments/experiments to no avail.
I just got the email notification that my laptop backup succeeded and there is indeed data there.

I have no idea why.

[Aeternus]

Decided to go with pre-installed agents. Not what I had in mind due to the limitations of it but accomplishes the goal of backups, which I needed sooner rather than later.