AMA: Device Health Attestation - security benefits and integrations
Event Ended
Thursday, Oct 27, 2022, 11:00 AM PDT
Ensuring that a platform is healthy and trustworthy is a fundamental vertical in today’s zero trust approach, and this has become one of the key focuses of recent times. Pre-OS boot continues to rem...
Heather_Poulsen
Updated Dec 27, 2024
Oct 27, 2022
With the BitLocker CSP "issue" (protection only enabled after logging in), we need to have a reboot to make sure we can report the status to the DHA service. But in that time the device isn't compliant, and with conditional access in place the end user could end up with a non-working device until he/she reboots the device.
Any advice on how we could deliver a better experience? Setting the grace period? Switching to PowerShell to enable BitLocker during the device phase? Just a penny for your thoughts 🙂
- Oct 27, 2022
As "someone at MS" made me aware of the fact that setting a grace period isn't the nicest thing... his exact words: would you like to have a device without BitLocker in your company, would you be okay with that 😉
- Rob de Roos, Oct 27, 2022, Iron Contributor
So true, Rudy_Ooms_MVP! I don't like grace periods either. It is a choice I'd rather not make; sometimes you need to, however. I would love to see some improvements on this.
- Oct 27, 2022
Yep... I know. That's why we use PowerShell to deploy BitLocker and make sure the device gets rebooted after the device phase (Autopilot). So when the device ends up at the account login, with the use of the online Company Portal (yeah... everyone advises the offline one... I think otherwise) we can make sure the device has and gets the time to get compliant to even create a connection to the MS Store (cloud app) to fetch the Company Portal. So after a couple of minutes the user logs in (after the CP arrived at the device) and everything is good to go...