Options for Entra joined, LAPS enabled clients

[Aeternus]

Hello,

I recently started labing out a scenario using an on-prem AD joined VBR server backing up local domain joined servers as well as off-domain, Entra joined Windows 11 workstations with LAPS management enabled.

Obviously, this hit the wall regarding local account access by a domain joined VBR instance and I did find the support article about using the built-in local admin. However, that account is having it's password managed via LAPS and so isn't exactly a static account.

Are there any good options for this scenario currently?

P.S. I did try the LocalAccountTokenFilterPolicyData reg hack to no success.

[Aeternus]

Interesting aside...

I have 2 Windows 11 Ent PCs, both fresh built from the same media, joined to Entra/Intune and assigned the same config/policies, and no connection to AD.
Both are set up in VBR with identical local accounts configured and applied in VBR.
One is a laptop, the other a desktop.
Initially, neither backup worked, failing in the same ADMIN$ access denied.
I was testing on the desktop in regard to the reg key hack and other adjustments/experiments to no avail.
I just got the email notification that my laptop backup succeeded and there is indeed data there.

I have no idea why.

[Aeternus]

Decided to go with pre-installed agents. Not what I had in mind due to the limitations of it but accomplishes the goal of backups, which I needed sooner rather than later.

[futureweb]

In this scenario, no autoupdates of clients managed through B&R, correct?

Is this still the current way how to handle backups for Intune Joined Clients without Hybrid?
Read about Cloud Connect Enterprise but unsure, if this wouldn't be an overkill and if VUL licences are enough here.

Basically the goal is,that the clients are managed through B&R like it is with domain joined clients, but using intune managed workstations.
So not first time deployment, but updates afterwards.