Forum Discussion
Intune Manage Windows 10 Encryption without admin rights
Recently I've started working a lot more with Intune by itself to manage out an environment. I'm running into an issue where, if I require devices to be encrypted with BitLocker, the end user gets a UAC prompt where an admin needs to sign in to allow them to start encryption. Is there any way around this, especially if I'm sending out a remote device utilizing Autopilot?
- Daniel Persson (Brass Contributor)
Yeah, noticed that too when I was playing around with AutoPilot and Compliance Policy.
To start the encryption I had to type my GA credentials, not even the AutoPilot admin account works.
Quite unexpected I would say.
- Douglas Wilson (Copper Contributor)
I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto-encrypt during Azure AD join. To do this, though, you need to have InstantGo; the following linked TechNet blog covered it well. Otherwise, for devices without this, I'm testing Intune PowerShell, which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps; otherwise I'll write a post on it.
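
Added example, not posted by anyone in this thread: one way a PowerShell script pushed from Intune could encrypt the OS drive without prompting the user, escrowing the recovery password to Azure AD before encryption starts. It assumes the device is Azure AD joined, has a ready TPM, and that the script runs in an elevated (SYSTEM) context rather than as the signed-in user.

```powershell
# Added example: silent BitLocker enablement for the OS drive.
# Assumptions: Azure AD joined device, TPM present and ready,
# script executed elevated (e.g. as SYSTEM), not as the standard user.
$ErrorActionPreference = 'Stop'
$drive = $env:SystemDrive

# Refuse to continue without a usable TPM; a TPM-only protector needs one.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Output 'TPM missing or not ready; skipping encryption.'
    exit 1
}

# Only act on a volume that has not been encrypted yet.
$volume = Get-BitLockerVolume -MountPoint $drive
if ($volume.VolumeStatus -ne 'FullyDecrypted') {
    Write-Output "Volume status is $($volume.VolumeStatus); nothing to do."
    exit 0
}

# Create a recovery password protector if the volume has none.
$recovery = $volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector |
        Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Escrow every recovery password to Azure AD before any data is encrypted.
# With ErrorActionPreference = Stop, a failed backup aborts the script here,
# so the drive is never encrypted without a recoverable key.
foreach ($protector in $recovery) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $drive `
        -KeyProtectorId $protector.KeyProtectorId | Out-Null
}

# Start encryption with a TPM protector; no user interaction is required.
Enable-BitLocker -MountPoint $drive -TpmProtector `
    -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest | Out-Null

Write-Output 'BitLocker encryption started; recovery key escrowed to Azure AD.'
```
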
- John Guy (Brass Contributor)
Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.
PowerShell is what I was thinking, but let us know how you get on with your support case. It may be worth seeing if you can get a Design Change Request (DCR) completed for this, as I'm assuming there are numerous others wanting to do this seamlessly.