- #Bitlocker recovery key windows 10 microsoft account how to
- #Bitlocker recovery key windows 10 microsoft account password
- #Bitlocker recovery key windows 10 microsoft account series
Selecting Not Configured will allow the DRA to be set up. Setting this option to Yes blocks the ability to use a data recovery agent (DRA) to recover BitLocker enabled drives. Block the use of certificate-based data recovery agent (DRA) This setting is only required in an Azure hybrid services joined scenario.Ħ. When this option is set to Yes, the recovery key will be backed up to Azure AD DS. Enable BitLocker after recovery information to store This setting does not apply to silent encryption.ĥ. Setting this option to Yes will prevent the end user from accessing recovery options such as saving the key to file or printing it out during the BitLocker setup process. Hide recovery options during BitLocker setup
It will disallow users from generating new recovery passwords manually.įor BitLocker silent encryption to succeed, this setting should be configured to Allowed or Required.Ĥ.
#Bitlocker recovery key windows 10 microsoft account password
Setting this option to Deny prevents BitLocker encryption from creating a recovery password and sending it to Azure AD. Administrative users will be allowed to create new recovery passwords manually on the device. Setting this to Allowed or Required will generate a 48-digit recovery password during BitLocker initialization and send it to Azure AD if the policy Require device to back up recovery information to Azure Active Directory is set to Yes. Setting this to Not configured means that BitLocker encryption will complete even if the recovery key backup to Azure AD fails. If configured to Yes, BitLocker will not complete until the recovery key has been saved to Azure AD. Require device to back up recovery information to Azure AD Ĭonfigure BitLocker recovery package settingsĢ.
#Bitlocker recovery key windows 10 microsoft account how to
Read this article to discover how to support rotation of the BitLocker recovery key.īitLocker key rotation remote action in the Microsoft Endpoint Manager admin center There are prerequisites that devices must meet to support rotation. Only the key used for recovery is refreshed.Īn administrator can initiate BitLocker key rotation remotely from the Microsoft Endpoint Manager admin center by navigating to Devices > Windows to select the device for the BitLocker key rotation. This option provides a method to back up recovery information to Microsoft Azure Active Directory (Azure AD) or Azure Active Directory Domain Services (Azure AD DS).Īdditionally, new password rotation functionality added in Windows 10, version 1909, allows the recovery key to refresh automatically after it is used to recover a BitLocker enabled device. Since the inception of the BitLocker configuration service provider (CSP) in Windows 10, version 1703, there’s been an option to configure BitLocker recovery on protected operating system (OS) drives.
This post walks you through BitLocker recovery options with Windows devices managed with Intune.
You can read about the reasons a device enter s recovery mode in the documentation under What causes BitLocker recovery. In the first post, we described occasions when a BitLocker-enabled device enters recovery mode.
#Bitlocker recovery key windows 10 microsoft account series
This is the fourth blog in our series on using BitLocker with Intune. By Luke Ramsdale – Service Engineer | Microsoft Endpoint Manager – Intune
0 kommentar(er)
