![]() ![]() What if you already have your drives encrypted, and now want to improve the process of recovering information? As always - PowerShell to the rescue. This doesn’t introduce the cost of MBAM or SCCM. use Intune and encrypt user device AND store the password in Azure Active Directory with self-service key recovery feature.This also ensures that encryption won’t start if recovery key failed to be backed up to AD. ![]() This can be configured here: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Store BitLocker recovery information in Acive Directory Domain Services. use GPO to encrypt end user device AND store the password in Active Directory.save to a file - either usb stick or unc share.If you’re planning to implement BitLocker into your organization (or already have that), it’s good to know what’s the choice of storing the recovery password: It’s better to have the restore verified as well. Ways to get BitLocker recovery key information to AD and Azure ADīitLocker is like backup.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |