
AWS Managed Microsoft AD is now available on Windows functional level 2016

Amazon Web Services has automatically upgraded all AWS Managed Microsoft AD directories to Windows functional level 2016, enhancing security capabilities for enterprise customers managing Active Directory infrastructure in the cloud. The upgrade introduces enhanced authentication mechanisms and improved privileged access management features that were not available in previous functional levels.

A key addition with this upgrade is Local Administrator Password Solution (LAPS), which automatically generates unique, complex passwords for local administrator accounts on domain-joined computers and stores them securely within Active Directory. This addresses a common security vulnerability where organizations use the same local administrator password across multiple machines, creating potential attack vectors for lateral movement within networks.

The upgrade has been rolled out across all AWS regions where Managed Microsoft AD is available, with the exception of Middle East (UAE) and Middle East (Bahrain) regions. The change requires no action from customers as AWS applied the functional level upgrade automatically to existing directories.

Why It Matters

This upgrade addresses critical enterprise security concerns around privileged access management in hybrid cloud environments. LAPS implementation helps organizations comply with security frameworks that require unique local administrator credentials, reducing the attack surface for ransomware and advanced persistent threats that often exploit shared administrative passwords for lateral movement. For enterprises migrating to or operating hybrid Active Directory environments, this enhancement provides enterprise-grade security features without requiring additional infrastructure management.

Note

This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.