Forum Discussion
StuartK73
Mar 11, 2020 | Iron Contributor
Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD
Hi All, is there a way to port BitLocker keys on existing / in-use devices that have already been encrypted (manually or outwith Intune) to Azure AD? Info appreciated.
Thijs Lecomte
Mar 12, 2020 | Bronze Contributor
First have a policy in place that saves the key to AAD, then you would have to force a key rotation for every device.
- StuartK73 | Mar 18, 2020 | Iron Contributor
- Thijs Lecomte | Mar 18, 2020 | Bronze Contributor
Hi StuartK73
This would be my way of working:
- Create an Intune policy to enable encryption and store the key in AAD
- Disable the policy in the local AD
- Force a key rotation on all machines (https://www.scconfigmgr.com/2019/11/20/enable-bitlocker-key-rotation-for-intune-managed-devices/)
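Added example, not part of the thread: a device-side script that escrows the recovery passwords of already-encrypted volumes to Azure AD, so you can check the result per device instead of relying only on rotation. It uses the built-in `Get-BitLockerVolume` and `BackupToAAD-BitLockerKeyProtector` cmdlets and assumes it runs elevated on an Azure AD joined or hybrid joined Windows 10 device; the output column names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: back up existing BitLocker recovery passwords to Azure AD.
# Assumption: run locally (or as an Intune PowerShell script) on each device.
$ErrorActionPreference = 'Stop'

# The backup only works when the device is Azure AD joined or hybrid joined.
$joined = dsregcmd.exe /status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES'
if (-not $joined) {
    Write-Warning 'Device is not Azure AD joined; no keys were escrowed.'
    return
}

$results = foreach ($volume in Get-BitLockerVolume) {
    # Volumes that were never encrypted have nothing to escrow.
    if ($volume.VolumeStatus -eq 'FullyDecrypted') { continue }

    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Encrypted by hand with TPM only: there is no recovery password yet.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $null
            Status         = 'NoRecoveryPassword'
        }
        continue
    }

    foreach ($protector in $recovery) {
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId | Out-Null
            $status = 'Escrowed'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # Report the protector ID only; never write the password itself to output.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $protector.KeyProtectorId
            Status         = $status
        }
    }
}

$results | Format-Table -AutoSize
```

Compare the reported `KeyProtectorId` values with the recovery key IDs shown on the device object in Azure AD to confirm the escrow before disabling the on-premises AD backup policy.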