I have setup Bitlocker for my AD Domain joined Windows 10 Pro laptop clients to turn on Bitlocker.
I have even configured the recovery key to be stored against the machine name in ADUC.
However, I have noticed, there is nothing to stop local admins of the laptop from stopping Bitlocker.
Has anyone come across this as once stopped , my GPO doesn't seem to force it back on.
Any advice would be helpful.