Douglas Wilson
Copper Contributor
Dec 22, 2017

Intune Manage Windows 10 Encryption without admin rights

Recently I've started working a lot more with Intune by itself to manage out an environment. I'm running into an issue where, if I require devices to be encrypted with BitLocker, the end user is getting a UAC prompt where an admin needs to sign in to allow them to start encryption. Is there any way around this, especially if I'm sending out a remote device utilizing Autopilot?

  • Yea, noticed that too when I was playing around with AutoPilot and Compliance Policy.

    To start the encryption I had to type my GA credentials, not even the AutoPilot admin account works.

    Quite unexpected I would say.

      Douglas Wilson
      Copper Contributor

      I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto-encrypt during Azure AD join. To do this, though, you need to have InstantGo; the following linked TechNet blog covered it well. Otherwise, for devices without this, I'm testing Intune PowerShell, which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps; otherwise I'll write a post on it.

        John Guy
        Brass Contributor

        Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.

        PowerShell is what I was thinking, but let us know how you get on with your support case. It may be worth seeing if you can get a Design Change Request (DCR) completed for this, as I'm assuming there are numerous others wanting to do this seamlessly.
