Forum Discussion
StuartK73
Mar 11, 2020 | Iron Contributor
Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD
Hi All,

Is there a way to port BitLocker keys on existing / in-use devices that have already been encrypted (manually or outwith Intune) to Azure AD?

Info appreciated.
Thijs Lecomte
Mar 18, 2020 | Bronze Contributor
Hi StuartK73,
This would be my way of working:
- Create an Intune policy to enable encryption and store the key in AAD
- Disable the policy in the local AD
- Force a key rotation on all machines (https://www.scconfigmgr.com/2019/11/20/enable-bitlocker-key-rotation-for-intune-managed-devices/)
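
A per-device check that complements the steps above, as an added example that is not part of the original post: it escrows the recovery password of each already-encrypted volume with the built-in `BackupToAAD-BitLockerKeyProtector` cmdlet, which is a different mechanism from the Intune key rotation the post links to. It assumes an elevated PowerShell session on an Azure AD joined (or hybrid joined) Windows 10 device; the event channel name and event ID 845 used for confirmation are given as I know them from Microsoft's BitLocker troubleshooting guidance.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow recovery passwords of already-encrypted volumes to Azure AD.

# The backup can only succeed on an Azure AD joined or hybrid joined device.
$joined = [bool](dsregcmd /status | Select-String 'AzureAdJoined\s*:\s*YES')
if (-not $joined) { throw 'Device is not Azure AD joined; nothing can be escrowed.' }

$started = Get-Date
$results = foreach ($vol in Get-BitLockerVolume) {
    # Skip volumes that carry no BitLocker protection at all.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0) {
        # Manually encrypted devices may only have a TPM protector.
        # Suppress the warning stream: it would print the new recovery password.
        $vol = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                   -RecoveryPasswordProtector -WarningAction SilentlyContinue
        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    foreach ($p in $rp) {
        $status = 'Requested'
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # Report the protector ID only, never the recovery password itself.
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $p.KeyProtectorId
            Status         = $status
        }
    }
}
$results | Format-Table -AutoSize

# Confirm escrow from the BitLocker management log (event 845 = backed up to Azure AD).
Start-Sleep -Seconds 5
$ok = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; Id = 845; StartTime = $started
}
"Escrow success events since start: $(@($ok).Count) of $(@($results).Count) requested"
```

Compare the reported `KeyProtectorId` values with the recovery key IDs shown on the device object in Azure AD to confirm that the escrowed key is the one currently protecting the volume.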