Forum Discussion
Intune Manage Windows 10 Encryption without admin rights
Douglas, this is something that we are looking at also, and the UAC prompt is annoying! ha.
Powershell is what I was thinking, but let us know how you get on with your support case, may be worth seeing if you can get a Design Change Request (DCR) completed for this as I'm assuming there are numerous others wanting to do this seamlessly
Hi,
it seems you are looking for a solution like this:
Hardware independent automatic Bitlocker encryption using AAD/MDM
This can run in standard user configurations also.
But maybe we will get something in Win10 Version 1803 for BitLocker... did you check the latest Insider Preview?
Information regarding a change in behavior of BitLocker and next Windows 10 Version is available on docs:
https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp
AllowWarningForOtherDiskEncryption
Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
Important
Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
If AllowWarningForOtherDiskEncryption is set to 0 on a 1803 enterprise device, will it assume defaults for the other settings?
Also does this value being 0 have any relationship to computers wanted to reset TPM after the upgrade to 1803?
Hi Neil,
yes it will assume defaults for the other settings.
Regarding a reset of TPM after 1803 upgrade I'm not sure I didn't test it extensively and my tests were on 1709. So no experience with this setting after an upgrade. But for a logical conclusion I would assume it shouldn't impact the TPM during upgrade. As you normally start from a 1709 BitLocker enabled device and the upgrade is BitLocker aware and does only a suspend and re-enable. Imho this setting should not influence an upgrade but I can't say for sure.
best,
Oliver
