Oct 09 2023 08:44 PM
Hi,
We have enabled Bitlocker using Intune and used AES 256bit XTS. But when we run manage-bde -status it says the encryption method is XTS-AES 128.
Any suggestions on this?
Is it a potential Bug or Am i missing something on my end?
Thanks
Oct 10 2023 12:25 AM
@Kashish_Goyal this device was encrypted before with BitLocker prior applying the new settings?
Oct 10 2023 02:48 AM
Oct 17 2023 03:18 PM
Oct 17 2023 10:06 PM
SolutionOct 17 2023 10:44 PM
Oct 18 2023 04:25 AM
@Kashish_Goyal The Easiest to decrypt a 128Bit drive is to push out a script like this:
$BLV = Get-BitLockerVolume
Disable-BitLocker -MountPoint $BLV
This decrypts your Bitlocker volume, push this out to a group of computers. But... Exclude that group of computers of Configuration Profiles for encryption and Compliance things because that group won't be compliant anymore. After decryption, you can remove the computer from the group so that it receives the settings again and can be compliant again.
Oct 18 2023 11:59 AM
Oct 23 2023 10:32 PM
Oct 23 2023 10:40 PM - edited Oct 23 2023 10:42 PM
@Kashish_Goyal Great to hear that it works for you, haven't had customers yet where I did the startup pin. I suggest opening a new topic about this here, enough knowledge here to help you with that 🙂
Nov 02 2023 08:14 PM
Nov 02 2023 11:06 PM
Nov 05 2023 05:29 PM
Nov 05 2023 09:54 PM
Oct 17 2023 10:06 PM
Solution