If the prerequisites are fulfilled, all we need is a Windows 10 device manged by Intune and an Endpoint protection profile to configure the BitLocker settings. How can we configure BitLocker key rotation with Intune now? The main difference here is, that during this process all existing recovery passwords will be deleted, and a single new recovery password will be set and a backup is written to Azure AD. In addition to the automatic rotation, Intune got the ability to trigger a BitLocker Key rotation manually from the Intune web portal. The newly generated recovery password will be securely stored in Azure AD as well. Other recovery passwords will remain unchanged. This automatic rotation will refresh only the recovery password which was used to unlock during BitLocker recovery. The OS recovery can be done either by bootmgr or via WinRE.
First of all we need to configure our devices to actually perform client-driven recovery password refresh after an OS drive recovery or unlock of a fixed data drive. In this article we have a look how this actually works. It is a long awaited feature and closes the feature gaps in the cloud managed BitLocker solution. At Ignite 2019 Microsoft announced BitLocker key rotation for Intune managed Windows 10 devices.
0 kommentar(er)
