Howdy Folks!
I guess everyone is doing well with the Microsoft as all of you might got inspired much from the session last week held in Las Vegas(Microsoft Inspire)!!
Though I missed it everyone badly as I didn't get chance to visit but the questions keep peeping on my head!!
Now with the BitLocker issue where I guess someone can answer this as well,
So my query is straight as I need to disable or hide this option of getting the Recovery Keys from the End User level as it is a vulnerable for the Admins to provide the Recovery Keys for OS Encryption Disk like given below with an example
Bitlocker Keys Available from end user level using my apps.microsoft.com
Is there any option from the administrator level from Azure Portal to hide this Keys from the end user side??
Please help me out as customer is seeking help for this!!
@Oliver So I have tested it out today came up with this screenshot as it always ask this option. Before asking if the Windows Machine has fingerprint I must have to set that as well so I set both the options MFA as well as PIN for Windows and then Encryption done for BitLocker but yes I didn't get any BitLocker PIN to setup as Device Configuration Policies didn't push and got error.
Windows PIN at Startup
Device Configuration got failed from Intune but Device Compliance Got Successful
Device Compliance Successful
Device Configuration Failed
Please let me know how we can achieve successful Bitlocker encryption with Bitlocker PIN should appear!!
Hey @Mitul Sinha,
for silent encryption you have to skip the startup to require PIN settings. PIN can only achieved by using the Wizard which is user driven. Silent auto encryption is TPM-only. Can you please test automatic encryption with the following settings (no additional authentication at startup):
In addition I have a guide here:
Enabling BitLocker on non-HSTI devices with Intune
https://oliverkieselbach.com/2018/10/23/enabling-bitlocker-on-non-hsti-devices-with-intune/
best,
Oliver
Accepted Solutions