Luker1
Hey Luke,
For my customer we have applied this best practice:
Create the BitLocker policy using an Endpoint security policy. This workflow is the most recent method of deploying BitLocker settings.
But now we have an issue on 25% of devices that don't apply the BitLocker strategy because they enforce the Windows 10 default encryption strategy (configuration profile with Require Device Encryption and Allow Standard User Encryption) before receiving the Intune BitLocker strategy... These devices are encrypted in SHA-128 instead of 256, and the recovery key is backed up to AD instead of AAD...
rollback = decryption > re-encryption
So how can we remediate this orchestration problem, and be sure devices will not start encryption before receiving our BitLocker strategy?
Thank you in advance!
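One way to find the devices that got ahead of the policy, as an added example that is not part of the original post or of any Microsoft or Intune tooling: a detection script in the shape Intune remediation scripts expect (exit 0 = compliant, exit 1 = remediate). It reads each BitLocker volume with `Get-BitLockerVolume`, compares the encryption method against the one the Endpoint security policy is meant to enforce (assumed here to be `XtsAes256`; adjust `$ExpectedMethod` to your policy), and looks for event ID 845 in the `Microsoft-Windows-BitLocker/BitLocker Management` log, which BitLocker writes when a recovery key is backed up successfully to Azure AD. Matching that event to a volume by its mount point appearing in the message text is an assumption. Re-escrowing a recovery password uses the real `BackupToAAD-BitLockerKeyProtector` cmdlet; a wrong encryption method cannot be fixed in place and is only reported, since, as the post says, that requires decryption and re-encryption.

```powershell
# Added example, not from the original post. Detection script for an Intune
# remediation: flags volumes encrypted with the wrong method or whose recovery
# key was never escrowed to Azure AD. Assumes it runs as SYSTEM on the client.

$ExpectedMethod = 'XtsAes256'   # assumption: the method your Endpoint security policy enforces

function Get-BitLockerComplianceReport {
    param([string]$Expected = $ExpectedMethod)

    # Event 845 = "recovery information ... was backed up successfully to your Azure AD".
    # Collected once; the per-volume match on mount point in the message is an assumption.
    $escrowEvents = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
            Id      = 845
        } -ErrorAction SilentlyContinue)

    foreach ($vol in Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }) {
        $escrowed = $escrowEvents | Where-Object { $_.Message -like "*$($vol.MountPoint)*" } | Select-Object -First 1

        [pscustomobject]@{
            MountPoint           = $vol.MountPoint
            ProtectionStatus     = $vol.ProtectionStatus
            EncryptionMethod     = $vol.EncryptionMethod
            MethodCompliant      = ([string]$vol.EncryptionMethod -eq $Expected)
            KeyEscrowedToAAD     = [bool]$escrowed
            RecoveryProtectorIds = @($vol.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
                ForEach-Object { $_.KeyProtectorId })
        }
    }
}

function Invoke-RecoveryKeyEscrow {
    # Pushes every recovery password protector of the given volumes to Azure AD.
    # This fixes the "key in AD instead of AAD" half of the problem without touching encryption.
    param([Parameter(Mandatory)][object[]]$Volumes)

    foreach ($v in $Volumes | Where-Object { -not $_.KeyEscrowedToAAD }) {
        foreach ($id in $v.RecoveryProtectorIds) {
            BackupToAAD-BitLockerKeyProtector -MountPoint $v.MountPoint -KeyProtectorId $id
            Write-Output "Escrowed protector $id for $($v.MountPoint) to Azure AD"
        }
    }
}

$report = @(Get-BitLockerComplianceReport)
$report | Format-Table MountPoint, EncryptionMethod, MethodCompliant, KeyEscrowedToAAD -AutoSize

$wrongMethod = $report | Where-Object { -not $_.MethodCompliant }
$notEscrowed = $report | Where-Object { -not $_.KeyEscrowedToAAD }

if ($wrongMethod) {
    # Only decrypt + re-encrypt (manage-bde -off, then let the Intune policy re-apply) fixes this.
    Write-Output "Needs re-encryption: $(($wrongMethod.MountPoint) -join ', ')"
}
if ($notEscrowed) {
    Write-Output "Recovery key not escrowed to AAD: $(($notEscrowed.MountPoint) -join ', ')"
}

# Intune reads the exit code: non-zero hands the device to the remediation script,
# where Invoke-RecoveryKeyEscrow can be run on the same report.
if ($wrongMethod -or $notEscrowed) { exit 1 } else { exit 0 }
```

Run as a detection script, this separates the two failure modes the post describes: volumes whose key is only in on-premises AD can be brought into compliance by the escrow function alone, while volumes encrypted with the wrong method are listed for the decrypt/re-encrypt rollback. Checking `MethodCompliant` before any device is released to the user is also the simplest guard against the race the post asks about, since a device that encrypted under the default profile shows up here before the Intune policy ever reports on it.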