Forum Discussion

Jul 22, 2019
Solved

Microsoft Bitlocker Management from Intune

Howdy Folks!

I guess everyone is doing well with Microsoft, as all of you probably got inspired by the session held last week in Las Vegas (Microsoft Inspire)!!

Though I missed it badly, as I didn't get a chance to visit, the questions keep popping up in my head!!

Now to the BitLocker issue, which I guess someone can answer as well.

So my query is straightforward: I need to disable or hide this option for end users to get the Recovery Keys, as it is a vulnerability for Admins to provide the Recovery Keys for the OS encryption disk, as shown in the example below.

BitLocker keys available at the end-user level using myapps.microsoft.com

Is there any option at the administrator level in the Azure Portal to hide these keys from the end-user side??

Please help me out, as a customer is seeking help for this!!

  • Hey Mitul Sinha,

    then I think your test setup had a different problem, because there is no dependency on MFA for BitLocker enablement. To really confirm my statement, I verified it in my test tenant right now. I disabled all MFA (AADJ & WHfB), enrolled a device, didn't see any MFA prompt (no MFA at all), and my BitLocker policies in Intune enabled encryption and my AADJ device is encrypted. The BitLocker key is in AAD and everything is fine in the Intune portal (green icons - configurations successfully applied).

    So, again, BitLocker has no dependency on MFA and can be enabled without MFA. The problem in your tests seems to be rooted somewhere else.

    Key rotation is currently not available, but BitLocker is functional without MFA.

    best,

    Oliver
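The check behind the statement above ("BitLocker key is in AAD"), as an added example that is not part of the thread or of any Microsoft documentation: run this elevated on an Azure AD joined (or hybrid joined) Windows device to confirm the OS volume is encrypted, list its key protectors, escrow the recovery password to Azure AD if that has not happened, and look for the escrow success event. It assumes the built-in BitLocker PowerShell module and mount point C:; the event ID and log name are the ones the BitLocker-API Management log uses for a successful Azure AD backup.

```powershell
# Added example (not from the thread). Verifies BitLocker state on an AADJ device
# and escrows the recovery password to Azure AD. Requires an elevated session.
$MountPoint = 'C:'   # assumption: OS volume is C:
$vol = Get-BitLockerVolume -MountPoint $MountPoint

"Volume {0}: status={1} protection={2} encrypted={3}%" -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionPercentage

# Every key protector is a separate entry with its own KeyProtectorId: the TPM or
# TpmPin protector that unlocks the drive at boot is not the RecoveryPassword
# protector that Azure AD stores. Note the RecoveryPassword Id here if you want to
# compare it after a later PIN change.
$vol.KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId |
    Format-Table -AutoSize

$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    # No recovery password exists yet, so there is nothing to escrow; add one first.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Escrow each recovery password to Azure AD. The cmdlet needs the device to be
# Azure AD joined or hybrid joined; re-running it re-uploads the same protector.
foreach ($rp in $recovery) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId
    "Escrowed RecoveryPassword protector {0} to Azure AD" -f $rp.KeyProtectorId
}

# Event 845 in Microsoft-Windows-BitLocker/BitLocker Management records a successful
# backup to Azure AD; 846 records a failure. Show the most recent successes.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845
    } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

After the escrow, the same recovery password should appear on the device object in the Azure portal and, as the original question notes, on the user's myapps.microsoft.com page for a device they own; the protector listing is also the quickest way to see whether a later protector change touched the RecoveryPassword entry or only the TPM/PIN one.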

12 Replies

  • Hey Mitul Sinha,

    as far as I know, there is no option to disable this. It is designed as a self-service with no option to disable it in the portal.

    best,
    Oliver

    • Mitul Sinha
      MCT
      But I don't understand: even after not setting up the MFA policies in Azure AD, it is still asked for once you sign in with the new profile to achieve BitLocker via Azure AD Domain Join. Suppose the customer is not interested in getting MFA, then how can we remove it?
      • Mitul Sinha
        MCT

        And there is one more question, Oliver Kieselbach, that just clicked in my mind.. Suppose I reset the BitLocker PIN, then will it generate a new recovery key and store the new recovery key in myapps.microsoft.com or not?
