Intune BitLocker Encryption

We have set up a disk encryption policy to encrypt devices within a group scope using BitLocker. The devices are Hybrid Entra ID joined and enrolled in Intune using device credentials, as we have co-management set up with SCCM. Recovery keys are stored in AAD.

Sometimes certain users can mistakenly encrypt devices manually from BitLocker management on the device itself or using third-party tools such as Cisco AnyConnect. This does not store the recovery key in Azure, which, if the recovery screen is triggered, will render the device useless and in need of a re-image.

My question is: how do we block any sort of BitLocker encryption outside of the Intune policy? This is important for consistent behaviour.