Storing bitlocker recovery password in AD/Azure AD for Removable drives

Question

Hello&nbsp;We have applied Bitlocker through Intune for OS, and Fixed drives for enrolled devices. Recovery passwords are saved on Azure AD/AD.&nbsp;We have a requirement to apply the same for Removable drives, Subset of the settings are there in Intune, but it seems that we can't save the recovery password for removable drives on AD/Azure AD.&nbsp;As shown below, those settings are not supported in MDM. can we apply the setting by custom&nbsp;OMA-URIs ?&nbsp;&nbsp;

mikhailf · Answer

Hello ahmnoor395&nbsp;,&nbsp;I assume that you used GPO to configure this setting and then uploaded this GPO to Intune Group Policy analytics.On the workstation that has this policy applied you can try to find what registry keys were changed by this GPO and then change these registry keys via Intune (for example, with PowerShell).&nbsp;Hope it helps.

ahmnour · Answer

mikhailf&nbsp;we looking to store the recovery key in Azure AD, storing the key in AD means the laptop or desktop should be on premises to start the encryption.

mikhailf · Answer

If you are going to store the key in Azure AD, laptops and desktops should be connected to Azure AD. (Hybrid AD Joined or AD Joined).

ahmnoor395 · Answer

devices already hybrid joined, and as I mentioned, OS and Fixed Drive are already encrypted via Intune. What we looking for is to apply the policy for the removable drives through Intune and store the recovery key in Azure AD

trubio · Answer

Im curious was there ever a solution you found? we are in the same situation. hoping for some guidance.

Forum Discussion

Storing bitlocker recovery password in AD/Azure AD for Removable drives

5 Replies

Resources