We are currently testing moving how we deploy BitLocker settings from GPO to Intune. The issue we are having is that the Intune policy won't populate the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE keys properly. It populates the regkeys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager OK, but fails to build the ones in FVE which are required. If we make a small change in the Intune policy then those settings are populated in the FVE key. Has anyone else run into this issue and have a solution?
If we delete all the regkeys from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\GUID\default\Device\BitLocker and then run an Intune Sync, it then rebuilds these and then also rebuilds all the keys in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE.
So it's like if these keys (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\GUID\default\Device\BitLocker) are already populated from the Intune policy, then it won't build the keys in FVE.
We would have to remove GPO settings and leave until all devices have cleared the FVE keys, then apply the Intune policy to then successfully build out the FVE key.
I've also tested with MDMWinsOverGPO. Still get the same issue.
Has anyone experienced this before?
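
A read-only check for the state described in the post above, added here as an example and not part of the original post or any Microsoft tooling: it reports devices where a provider's BitLocker key under PolicyManager has values while the FVE policy key is missing or empty. The function names are hypothetical, and it assumes the `GUID` in the posted path stands for the name of each subkey under `providers`.

```powershell
# Added example (not from the original post). Read-only: changes nothing.
# Registry paths are the ones named in the post; every subkey under
# 'providers' is enumerated in place of the 'GUID' placeholder (assumption).
$ProvidersRoot = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\providers'
$FvePath       = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-RegValueNames {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    # GetValueNames() reports the unnamed default value as ''; skip it.
    @((Get-Item -LiteralPath $Path).GetValueNames() | Where-Object { $_ })
}

function Get-BitLockerPolicyState {
    $fveNames  = @(Get-RegValueNames -Path $FvePath)
    $providers = @()
    if (Test-Path -LiteralPath $ProvidersRoot) {
        $providers = @(Get-ChildItem -LiteralPath $ProvidersRoot)
    }
    foreach ($p in $providers) {
        $blPath   = "$ProvidersRoot\$($p.PSChildName)\default\Device\BitLocker"
        $mdmNames = @(Get-RegValueNames -Path $blPath)
        if ($mdmNames.Count -eq 0) { continue }   # no BitLocker policy from this provider
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            ProviderId   = $p.PSChildName
            MdmValues    = $mdmNames -join ', '
            FveKeyExists = Test-Path -LiteralPath $FvePath
            FveValues    = $fveNames -join ', '
            # The state from the post: PolicyManager populated, FVE not built.
            FveNotBuilt  = ($fveNames.Count -eq 0)
        }
    }
}

Get-BitLockerPolicyState | Format-List
```

`FveNotBuilt` only flags a missing or empty FVE key; for a partially built key, compare the `MdmValues` and `FveValues` lists in the output.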