Forum Discussion

Douglas Wilson's avatar
Douglas Wilson
Copper Contributor
Dec 22, 2017

Intune Manage Windows 10 Encryption without admin rights

Recently I've started working a lot more with Intune by itself to manage out an environment. I'm running into an issue where if I require devices to be encrypted with BitLocker the end user is gettin...
Intune
mobile device management (mdm)
Daniel Persson's avatar
Daniel Persson
Brass Contributor
Dec 29, 2017

Yea, noticed that too when I was playing around with AutoPilot and Compliance Policy.

To start the encryption I had to type my GA credentials, not even the AutoPilot admin account works.

Quite unexpected I would say.

 

Douglas Wilson's avatar
Douglas Wilson
Copper Contributor
Dec 29, 2017

I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto encrypt during Azure AD join. To do this though you need to have InstantGo, the following linked https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2016/03/14/automatic-bitlocker-on-windows-10-during-azure-ad-join/  blog covered it well. Otherwise for devices without this I'm testing Intune Powershell which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps otherwise I'll write a post on it.

  • John Guy's avatar
    John Guy
    Brass Contributor
    Jan 12, 2018

    Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.

     

    Powershell is what I was thinking, but let us know how you get on with your support case, may be worth seeing if you can get a Design Change Request (DCR) completed for this as I'm assuming there are numerous others wanting to do this seamlessly

     

Resources