Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

Support Endpoint Protection on Windows 10 Pro

Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.

239 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • sso
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    J Crowley shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    28 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Tyler Klobassa commented  ·   ·  Flag as inappropriate

        There is a license SKU that you can use to elevate Windows 10 Pro to Windows 10 Enterprise for enrolled devices - this would allow you to configure the Windows 10 Endpoint Protection Policy for BitLocker to your devices.

      • Dan C. commented  ·   ·  Flag as inappropriate

        It is still not working. I thought it was supposed to work with windows 10 1809 Pro. But it's still not. I worked with support on this, and as soon as we change the licence key to an enterprise licence, all bitlocker options appears, especiallay the one for the pin code at startup !
        So please, make it work !

      • JB commented  ·   ·  Flag as inappropriate

        It wasn't implied that your BitLocker deployment method works for all scenarios...

        If you need to configure a Startup PIN (or pass, etc.) due to lack of a TPM then sure, you may still be SOL.

        But anyway regardless, BL will self-activate on 1803 now *with standard users* which is the major improvement in this space that 1803 on AutoPilot brings. Very likely many folks are not aware of this.

      • Anonymous commented  ·   ·  Flag as inappropriate

        @ JB
        doesn't work for all scenarios.
        We have used Autopilot to specify that the users are standard and not local admin, our devices also dont have TPM chips. So we need to use a CSP to enable bitlocker, and this isnt supported.

      • JB commented  ·   ·  Flag as inappropriate

        As one of the previous complainants on this topic, I do want to post an update.

        With the upgrade to Windows 10 1803, BitLocker will self-activate if it's configured to do so in Intune. I am not positive if it's due to the Device Restrictions configuration profile or the Endpoint Protection profile but either way, it's working now.

        We anticipated this since it was an advancement our organization was looking to get from improvements to the AutoPilot process on 1803, and it is panning out.

        Granted, I don't think we can manage the BitLocker configuration yet (e.g., require Startup PIN and so on, but I haven't re-tested since we moved to 1803) but that is of much lesser importance than the simple ability to activate BitLocker, which may now work for many of you if you move to 1803.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.

        ^^^^^^^^
        Agree with this so much! Paid for my Win 10 OS license, which includes bitlocker functionality, pay for intune licensing, which includes bitlocker functionality, in CSP's and configuration profile..... but for them to work together, have to pay a premium!?

      • JB commented  ·   ·  Flag as inappropriate

        BitLocker on 1803 is now self-activating, many of you may find the same thing.

      • Andrew commented  ·   ·  Flag as inappropriate

        Ah, finally figured out why none of my Intune settings were having any affect on my computers after a few days of encrypting and unencrypting drives. My organization buys or upgrades all of our computers to Pro exclusively for the Bitlocker capability. Apparently it doesn't come with the full product and our information security will suffer as a result. Very disappointing.

      • Anonymous commented  ·   ·  Flag as inappropriate

        This is simply crazy, could be a deal breaker and may end up using an alternative MDM solution because of this.

      • Andrew commented  ·   ·  Flag as inappropriate

        Yes, we got caught out on this too. We have started fresh with the new InTune console for an SMB customer and were surprised to find that Win 10 Pro is not supported fully for Bitlocker profiles.

      • JB commented  ·   ·  Flag as inappropriate

        Agreed. I don't see why you cannot control this on Pro.

      • Safa commented  ·   ·  Flag as inappropriate

        We have multiple clients that are running into issues where we are not able to manage their systems via the Azure Intune. We have to login to each computer one by one and check on the status of the Windows Defender scans because we keep getting false positives. This has brought our IT services to a complete snails pace. This needs to be escalated since your support told us to migrate from the Silverlight version of Intune to Azure Intune since Silverlight will not be supported.

      • KumoJosh commented  ·   ·  Flag as inappropriate

        How are we supposed to migrate from the Silverlight version of Intune to Azure Intune when Windows 10 Pro is not supported?! Any advice Microsoft?! You have decided to deprecate the current Intune but yet you are not supporting Windows 10 Pro for the Azure version. SMBs do not have Windows 10 Enterprise FYI. I think you are going to lose some customers from this decision.... just saying. I would bump this to the top of your backlog.

      • CDS commented  ·   ·  Flag as inappropriate

        This is crazy signed up to EMS+3 with the misguide purpose of protecting our business to find that many feature don't work with Windows 10 Pro. Microsoft why do continue to frustrate your user base ? Not every business is a fortune 500 with enterprise desktops. Get real

      ← Previous 1

      Feedback and Knowledge Base