Forum Discussion
Intune Manage Windows 10 Encryption without admin rights
I've been working with a few colleagues to get further on this. Right now we are testing a few ways to work around this. One method is having a device auto-encrypt during Azure AD join. To do this, though, you need to have InstantGo; the following linked TechNet blog covered it well. Otherwise, for devices without this, I'm testing Intune PowerShell, which automatically encrypts a device. This seems to work with a user assignment but not with device assignments. I'll be opening a support case with Microsoft around that policy enforcement. I can update this later if that helps; otherwise I'll write a post on it.
Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.
PowerShell is what I was thinking, but let us know how you get on with your support case. It may be worth seeing if you can get a Design Change Request (DCR) completed for this, as I'm assuming there are numerous others wanting to do this seamlessly.
- Jan 28, 2018
Hi,
It seems you are looking for a solution like this:
Hardware independent automatic Bitlocker encryption using AAD/MDM
This can run in standard user configurations also.
But maybe we will get something in Win10 Version 1803 for BitLocker... did you check the latest Insider Preview?
- Jan 28, 2018
Information regarding a change in the behavior of BitLocker and the next Windows 10 version is available on docs:
https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp
AllowWarningForOtherDiskEncryption
Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
Important
Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
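To confirm on a managed device that a silent enablement attempt like the one described above actually took effect, the following is an added example and is not part of the original thread or of Microsoft's documentation. It assumes an elevated PowerShell session on the device; the function names are hypothetical, and the TPM fields are reported for information only.

```powershell
# Added example: post-deployment check for silent BitLocker enablement.
# Assumption: run elevated on the managed device (Get-Tpm and
# Get-BitLockerVolume both require administrator rights).

function Test-AzureAdJoined {
    # dsregcmd /status prints a line such as "AzureAdJoined : YES"
    $status = & dsregcmd.exe /status 2>$null
    return [bool]($status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')
}

function Get-SilentEncryptionState {
    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    # Collect protector type names (for example Tpm, RecoveryPassword)
    $protectors = @($vol.KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        AzureAdJoined       = Test-AzureAdJoined
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        VolumeStatus        = $vol.VolumeStatus.ToString()
        ProtectionStatus    = $vol.ProtectionStatus.ToString()
        EncryptionPercent   = $vol.EncryptionPercentage
        HasTpmProtector     = $protectors -contains 'Tpm'
        HasRecoveryPassword = $protectors -contains 'RecoveryPassword'
    }
}

$state = Get-SilentEncryptionState
$state | Format-List

# The quoted documentation restricts value 0 to Azure AD joined devices.
if (-not $state.AzureAdJoined) {
    Write-Warning 'Device is not Azure AD joined; value 0 cannot be set here.'
}
# An OS volume that is still decrypted means the silent attempt did not succeed.
if ($state.VolumeStatus -eq 'FullyDecrypted') {
    Write-Warning 'OS volume is not encrypted; check the BitLocker event logs.'
}
# Encryption without a recovery password leaves no recovery path for the user.
elseif (-not $state.HasRecoveryPassword) {
    Write-Warning 'Volume is encrypted but has no recovery password protector.'
}
elseif ($state.ProtectionStatus -ne 'On') {
    Write-Warning 'Volume is encrypted but protection is suspended or off.'
}
```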
- Neil Goldstein, May 15, 2018, Iron Contributor
If AllowWarningForOtherDiskEncryption is set to 0 on a 1803 enterprise device, will it assume defaults for the other settings?
Also, does this value being 0 have any relationship to computers wanting to reset TPM after the upgrade to 1803?