Forum Discussion
Intune Manage Windows 10 Encryption without admin rights
Yea, noticed that too when I was playing around with AutoPilot and Compliance Policy.
To start the encryption I had to type my GA credentials, not even the AutoPilot admin account works.
Quite unexpected I would say.
I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto-encrypt during Azure AD join. To do this, though, you need to have InstantGo; the following linked TechNet blog covered it well. Otherwise, for devices without this, I'm testing Intune PowerShell, which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps; otherwise I'll write a post on it.
- John Guy, Jan 12, 2018, Brass Contributor
Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.
PowerShell is what I was thinking, but let us know how you get on with your support case. It may be worth seeing if you can get a Design Change Request (DCR) completed for this, as I'm assuming there are numerous others wanting to do this seamlessly.
- Jan 28, 2018
Hi,
it seems you are looking for a solution like this:
Hardware independent automatic Bitlocker encryption using AAD/MDM
This can run in standard user configurations also.
But maybe we will get something in Win10 Version 1803 for BitLocker... did you check the latest Insider Preview?
- Jan 28, 2018
Information regarding a change in behavior of BitLocker in the next Windows 10 version is available on docs:
https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp
AllowWarningForOtherDiskEncryption
Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
Important
Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
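The PowerShell route discussed in the thread, sketched as an added example that is not from any of the posters or from the linked blog: a script that enables BitLocker on the OS drive without a user prompt and escrows the recovery password to Azure AD. It assumes the script runs elevated or as SYSTEM (for instance as an Intune-deployed script), on an Azure AD joined device with a ready TPM; the encryption method chosen is also an assumption.

```powershell
# Added example, not code from the thread. Assumptions: runs elevated or as
# SYSTEM, device is Azure AD joined, TPM is provisioned.
$ErrorActionPreference = 'Stop'
$drive = $env:SystemDrive

# A TPM key protector needs a present and ready TPM; stop early otherwise so
# the deployment reports a failure instead of a half-configured volume.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Output 'TPM not present or not ready; BitLocker was not enabled.'
    exit 1
}

# Only start encryption on a volume that is fully decrypted, so re-running
# the script on an already protected device changes nothing.
$volume = Get-BitLockerVolume -MountPoint $drive
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $drive -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -TpmProtector -SkipHardwareTest | Out-Null
}

# Make sure a recovery password protector exists before escrowing it.
$recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector |
        Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# Escrow every recovery password to Azure AD so the device can be recovered
# without anyone having recorded the key locally.
foreach ($protector in $recovery) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $drive `
        -KeyProtectorId $protector.KeyProtectorId | Out-Null
}

# Report the resulting state for the deployment log.
$final = Get-BitLockerVolume -MountPoint $drive
Write-Output ("{0}: {1}, protection {2}" -f $drive, $final.VolumeStatus,
    $final.ProtectionStatus)
exit 0
```

Checking that the recovery key appears on the device object in Azure AD before relying on the deployment confirms the escrow step succeeded.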