Forum Discussion
Intune Manage Windows 10 Encryption without admin rights
Recently I've started working a lot more with Intune by itself to manage out an environment. I'm running into an issue where, if I require devices to be encrypted with BitLocker, the end user is getting a UAC prompt where an admin needs to sign in to allow them to start encryption. Is there any way around this, especially if I'm sending out a remote device utilizing Autopilot?
11 Replies
- Daniel Persson (Brass Contributor)
Yea, noticed that too when I was playing around with AutoPilot and Compliance Policy.
To start the encryption I had to type my GA credentials, not even the AutoPilot admin account works.
Quite unexpected I would say.
- Douglas Wilson (Copper Contributor)
I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto-encrypt during Azure AD join. To do this, though, you need to have InstantGo; the following linked blog covered it well: https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2016/03/14/automatic-bitlocker-on-windows-10-during-azure-ad-join/. Otherwise, for devices without this, I'm testing Intune PowerShell which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps; otherwise I'll write a post on it.
- John Guy (Brass Contributor)
Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.
PowerShell is what I was thinking, but let us know how you get on with your support case. It may be worth seeing if you can get a Design Change Request (DCR) completed for this, as I'm assuming there are numerous others wanting to do this seamlessly.
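
A sketch of the PowerShell approach mentioned in the replies above, added here as an illustration and not a script posted by anyone in the thread. It assumes the script runs elevated (for example in SYSTEM context when deployed through Intune), that the device has a ready TPM and is Azure AD joined, and it escrows the recovery password before encryption starts so a device is never encrypted without a recoverable key.

```powershell
# Added example: silent BitLocker enablement for the OS volume.
# Assumptions: elevated/SYSTEM context, TPM ready, device is Azure AD joined.
$ErrorActionPreference = 'Stop'   # any failure below aborts before encryption
$mount = $env:SystemDrive

# Without a usable TPM a silent, PIN-less unlock is not possible; bail out.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Error "TPM not present or not ready; leaving $mount unencrypted."
    exit 1
}

# Only act on a volume that has not been touched by BitLocker yet.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Output "$mount status is $($vol.VolumeStatus); nothing to do."
    exit 0
}

# Create a recovery password protector if none exists. The cmdlet echoes the
# password on the warning stream, so silence it to keep it out of script logs.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
}

$recovery = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1

# Escrow the recovery password to Azure AD; with 'Stop' set above, a failed
# backup ends the script here and the disk stays unencrypted.
BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
    -KeyProtectorId $recovery.KeyProtectorId | Out-Null

# Start encryption with a TPM protector; no reboot-time hardware test.
Enable-BitLocker -MountPoint $mount -EncryptionMethod XtsAes256 `
    -UsedSpaceOnly -TpmProtector -SkipHardwareTest | Out-Null

Write-Output "BitLocker encryption started on $mount."
```

After deployment, `Get-BitLockerVolume` on the device should report an `EncryptionInProgress` or `FullyEncrypted` status, and the recovery key should be visible on the device object in Azure AD.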