Synergix SEVA is a free* and complete replacement of Microsoft LAPS. SEVA supports password rotation of multiple local accounts on Windows, Unix and MAC devices that are in Azure AD, OnPrem AD, Workgroup or hosted in AWS, GCP, etc.
This article provides step-by-step instructions on deploying and on testing Synergix SEVA software on Microsoft Windows computers. Similar steps may be followed in deploying the software on UNIX, MacOS and other supported operating systems.
All required serverless resources are deployed in customer’s Azure Subscription, letting customers have complete control of their data.
- Active Azure Account with membership in Azure AD Global Administrators security group.
Global Administrator privilege is required during initial setup only, to create new Resource Group and to deploy required Azure Resources i.e., Web Apps, Key Vault, Table Storage and App Service Plan. Alternatively, the Global Administrator may delegate administration to other Azure AD Identity who can perform required actions.
- Local Administrator Account privileges on endpoints to manually install the pre-requisites, .NET Core 5.0+ Runtime and the Synergix SEVA MSI package or
- Intune Administrator privileges to distribute the pre-requisites.
Depending upon the scope of testing, you may need one or more computers, physical or virtual, running supported Operating Systems
Windows 7.0 SP1
Windows Server 2008/R2
Windows Server 2012/R2
Windows Server 2016 or
Windows Server 2019
Unix. RHEL, Fedora, Debian, Ubuntu, Linux Mint, SUSE Enterprise Linux, Alpine and more …
Endpoints may be in any one of the following environments.
- On Premises Active Directory
- Azure AD
- Azure AD Domain Services
- AWS, GCP and other Cloud Service providers
- Direct Internet Connection to your Azure Endpoints or
- Point-to-Site Connection to your Azure Endpoints or
- Indirect Connection through a Web Proxy to your Azure Endpoints
The back-end services, hosted in your Azure subscription, may be deployed using one of the two options
Azure Marketplace Offer
The Virtual Machine is a Microsoft Certified Virtual Machine that is based upon Windows Server 2016 or Windows Server 2019 Operating System. It contains required artifacts
- PowerShell Script to deploy Azure Resources
- PowerShell Script to deploy the binaries in Web Apps
This offer is appealing to customers, like the US Government and companies in the Banking, Financial and other industries that implement stricter Information Security policies. Deploying a Microsoft Certified Virtual Machine from Azure Marketplace provides the assurance that no binaries are transferred from external sources.
Once the Azure Virtual Machine is deployed, the installer can RDP to the VM, review the content of the artifacts and launch them in specific order. The Installation Guide (PDF) provides further details.
Install required PowerShell modules
Create required Azure Resources
Deploy binaries in Azure Web Apps
- Deploy MSI
The VM may be used to deploy the MSI package as a trial run. After deployment and setting the configuration parameters for your Azure Resources, you should be able to retrieve new password for the Built-In Administrator account.
Software Artifacts from our website (recommended)
This offer is appealing to customers who wish to download the binaries from Synergix website and deploy the Azure Resources from an Internet connected Windows 10 computer or Windows 10 Sandbox. Review the Installation Guide (PDF) in the downloaded Zip file and use the software artifacts to setup the environment.
Please complete the survey and submit your request for free Synergix SEVA Community Edition.
Community Edition use is limited to Azure AD Joined Windows 10 Computers. Only the Built-In Administrator password rotation is supported in Community Edition.
To license Enterprise Edition or Ultimate Edition, please contact email@example.com
Please review End User License Agreement included with the artifacts, before proceeding with product activation.
- Launch SEVA Portal specific to your Azure environment.
- Login using your Azure Account that is member of the newly created Azure AD Security Group(s) that allow access to the portal
- Search for device
- Under Security Actions, select “Built-In Administrator Account”
- Enter business justification for retrieving the password
- By default, the password is masked. Click on retrieve password to view the password
- Was the test successful?