Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

Question

Hi All&nbsp;Is there a way to port BitLocker keys on existing / in use devices that have already been encrypted (manually or outwith Intune) to Azure AD?&nbsp;Info appreciated

thijs lecomte · Answer

Hi&nbsp;StuartK73&nbsp;&nbsp;This would be my way of working:- Create an Intune policy to enable encryption and store the key in AAD- Disable the policy in the local AD- Force a key rotation on all machines (https://www.scconfigmgr.com/2019/11/20/enable-bitlocker-key-rotation-for-intune-managed-devices/)

thijs lecomte · Answer

First have a policy in place that saves the key to AAD, then you would have to force a key rotation for every device.

stuartk73 · Answer

Thijs Lecomte&nbsp;&nbsp;Hey can you elaborate on this?&nbsp;Regards

Forum Discussion

Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

3 Replies

Resources