AMA: Enrolling modern devices with Windows Autopilot
Event Ended
Thursday, Jul 21, 2022, 08:00 AM PDT
Interested in the simplified Autopilot device enrollment flows? Do you have questions about pre-provisioned devices? Curious about advanced app and policy configuration during Windows Autopilot enro...
Heather_Poulsen
Updated Dec 27, 2024
MarcoDS395
Jul 21, 2022
Brass Contributor
Hello to all. Thank you for this session. Would it be possible to ask 2 questions, please?
- Are there any future plans to allow BitLocker PIN options to be applied during the Autopilot setup, i.e. to set a PIN?
- Are there any further plans, when requesting device event logs, to pull down the entire event logs or specific event logs? I.e. I need to apply Controlled folder manager and this is being blocked; instead of me remoting into a device, I could request the logs.
Jason_Sandys
Microsoft
Jul 21, 2022
Hi Marcos,
For the BitLocker PIN, it's an item of interest for the Windows team as the limitation isn't really specific to Intune. Also, the PIN, as it exists today, has other limitations that present challenges to many orgs. With that in mind, there is a solution being designed to address the actual business case here (adding an additional protector to mitigate hardware-based attacks on the TPM).
For collecting additional logs, we consider adding items regularly. Which log specifically are you looking for? I'll pass this feedback on to the feature PM responsible. Keep in mind, though, that there is a balance of what we can and should collect; we don't want to collect everything, as there is a resource impact and cost associated with this activity.
- MarcoDS395 Jul 21, 2022
Brass Contributor
Hi Jason. Thank you for your response and for taking the time to look into this. During the call it was mentioned that we should set up and configure Windows Hello. Our current environment is a hybrid. We did attempt to set up Windows Hello, but it caused other issues, so we have disabled this. Our company Sec team requests that the device does have a BitLocker PIN. I have been able to create a "workaround" but was hoping that this would be something MS could possibly implement.
Logs - I agree that the need to collect every log is unnecessary. Fully agree. The log that I'm more specifically looking for is:
Logname - Microsoft-Windows-Windows Defender/Operational
Source - Windows Defender
When controlled folder access is configured to audit, all the audit logs are located in the above location. This log file basically logs ASR attempts. It would be really useful, if at all possible, to include this in the system diagnostics download. Orgs that want to enable Controlled folder access need to run the audit first.
Thank you for your assistance.
- Jason_Sandys Jul 22, 2022
Microsoft
> Our current environment is a hybrid. We did attempt to set up Windows Hello, but it caused other issues, so we have disabled this.

You should pursue this further with a support case, consultant, or further internal effort as Windows Hello for Business is the gateway to many current and future security improvements including getting rid of the biggest vulnerability in IT: user passwords. As for requiring a BitLocker PIN, as noted, we are looking at ways to address the core challenge, which is mitigating hardware-based attacks. This is most likely aligned with your security team's requirement as well.
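
The Controlled folder access audit review discussed in the thread can be done on the device itself by reading the log MarcoDS395 names. The script below is an added example, not part of the thread and not Microsoft's code; it relies on event IDs 1124 (audited) and 1123 (blocked) in that log, and the `Process Name`, `Path` and `User` field names and the `$Days` parameter are assumptions.

```powershell
# Added example: summarize Controlled folder access (CFA) events so the
# audit phase can be reviewed before the policy is switched to block.
[CmdletBinding()]
param(
    [int]$Days = 7   # look-back window (hypothetical parameter)
)

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124          # 1123 = blocked, 1124 = audited
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches, so suppress it
# and treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Read EventData fields by name instead of by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Mode    = if ($e.Id -eq 1124) { 'Audit' } else { 'Block' }
        Process = $data['Process Name']   # assumed field name
        Path    = $data['Path']           # assumed field name
        User    = $data['User']           # assumed field name
    }
}

if (-not $rows) {
    Write-Output "No Controlled folder access events in the last $Days day(s)."
    return
}

# One line per (mode, process, protected path), most frequent first:
# these are the candidates to review before enforcing the policy.
$rows |
    Group-Object Mode, Process, Path |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Mode';     e = { $_.Group[0].Mode } },
        @{ n = 'Process';  e = { $_.Group[0].Process } },
        @{ n = 'Path';     e = { $_.Group[0].Path } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize -Wrap
```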