The LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies.

LSA can be configured to run as a protected process, to make attacks such as pass-the-hash more difficult. For more information on running enabling additional LSA protection:
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection

KACE looks to implement an LSA plug-in (KaceCredentialProvider.dll), which would need to support running LSA in this way.

Support case SR4837981 confirmed this isn't something Quest currently supports.