cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

Stuart King
Iron Contributor

‎Mar 11 2020 02:26 AM

‎Mar 11 2020 02:26 AM

Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

Hi All

 

Is there a way to port BitLocker keys on existing / in use devices that have already been encrypted (manually or outwith Intune) to Azure AD?

 

Info appreciated

830 Views
0 Likes
3 Replies
Reply
3 Replies
Thijs Lecomte

‎Mar 12 2020 07:35 AM

‎Mar 12 2020 07:35 AM

Re: Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

First have a policy in place that saves the key to AAD, then you would have to force a key rotation for every device.
0 Likes
Reply
Stuart King

‎Mar 18 2020 02:39 AM

‎Mar 18 2020 02:39 AM

Re: Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

@Thijs Lecomte 

 

Hey can you elaborate on this?

 

Regards

0 Likes
Reply
Thijs Lecomte

‎Mar 18 2020 04:45 AM

‎Mar 18 2020 04:45 AM

Re: Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD

Hi @Stuart King 

 

This would be my way of working:

- Create an Intune policy to enable encryption and store the key in AAD

- Disable the policy in the local AD

- Force a key rotation on all machines (https://www.scconfigmgr.com/2019/11/20/enable-bitlocker-key-rotation-for-intune-managed-devices/)

1 Like
Reply