More and more we have clients who are getting all they need from Office 365 services. They no longer need servers or Active Directory. We often see the need to deploy BitLocker to these machines, which is currently a fairly manual process. I'd like Intune Standalone to be able to deploy and manage BitLocker without Active Directory or an Enterprise Agreement. Even if we had to pay a couple extra bucks per user, it would be 100% worth it. The other supposed cloud-based full disk encryption products are not very good, so I think it's a big opportunity to make a big change in the security world.
Totally agree. This is a critical piece of requirement considering enterprise security when managing devices via Intune. Appreciate if MS can hasten some work in this area.
Yes! We have a cloud first model, and integrating MBAM features with Intune/Azure would be excellent.
Whole disk encryption is very high on our list of requirements for endpoint compliance, and with no way to accomplish this with Intune we are forced to look elsewhere for the time being.
Chris Moore commented
Agreed... Merging the functionality of MBAM into Intune with AAD would be perfect for this.
Make this happen ASAP.
Losing in a potentially valuable space.
Dmitry Gladyshev commented
Thanks for posting a link, really cool solution.
Do you have any progress with packing to MSI?
If yes - please share how to, would be very appreciated.
Alan Dooley commented
A workaround here...
Not tested yet as I need to wrap the PS into an MSI in order to make it work with W10 MDM only.
Alan Dooley commented
Appalling that this is not possible now. Even though manage-bde cannot write to AAD, it wouldn't be that hard for the Intune agent to gather the recovery key and store it somewhere. I'd like to move to MDM for about 1,000 laptops but without this I cannot do it. Barely any devices support InstantGo and I'm struggling to understand why it is a pre-req.
We need manage-bde or other ways to enable BitLocker when we join AAD and Intune if we do not have InstantGo.
This is much needed, both to enforce BitLocker and monitor compliance of all PCs. It really feels strange that we can do it for non-Microsoft mobile devices but not with their own OS.
We've implemented Azure AD Join with automatic BitLocker encryption. This automatically writes the recovery key into Azure AD for the user. Unfortunately this is only possible for at least "InstantGo" devices.
manage-bde.exe (which is the command line utility for BitLocker management) has no option to write the recovery key to Azure AD; otherwise we would be able to do this for non-InstantGo devices also.
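As an added illustration of the escrow step the comment above says manage-bde lacks (this is not code from the thread or from Microsoft): the BitLocker PowerShell module on Windows 10 can back a recovery password protector up to the device's Azure AD object. It assumes an elevated session on an Azure AD-joined Windows 10 device with a TPM, and that the `BitLocker` module cmdlets (`Get-BitLockerVolume`, `Add-BitLockerKeyProtector`, `Enable-BitLocker`, `BackupToAAD-BitLockerKeyProtector`) are present.

```powershell
# Added example, not from the thread: escrow the OS volume's BitLocker recovery
# password to Azure AD using the BitLocker PowerShell module instead of manage-bde.
# Assumptions: elevated PowerShell on an Azure AD-joined Windows 10 device with a
# TPM, and the BitLocker module cmdlets used below are available on that build.
#Requires -RunAsAdministrator
Import-Module BitLocker -ErrorAction Stop

$mountPoint = $env:SystemDrive   # normally "C:"
$volume = Get-BitLockerVolume -MountPoint $mountPoint

# A recovery password protector is the object whose 48-digit password is escrowed,
# so create one if the volume does not have one yet.
$recoveryProtectors = @($volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recoveryProtectors.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector | Out-Null
    $recoveryProtectors = @((Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# Start encryption only if the volume is still fully decrypted. A TPM protector
# lets the OS boot unattended, which is what a silent MDM rollout needs.
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $mountPoint -TpmProtector `
        -EncryptionMethod XtsAes256 -SkipHardwareTest | Out-Null
}

# Escrow every recovery password protector to Azure AD. Each call is independent,
# so a failure on one protector does not hide the others.
foreach ($protector in $recoveryProtectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint `
            -KeyProtectorId $protector.KeyProtectorId
        Write-Output "Escrowed protector $($protector.KeyProtectorId) to Azure AD"
    } catch {
        Write-Warning "Escrow failed for $($protector.KeyProtectorId): $($_.Exception.Message)"
    }
}

# Final state, useful as the log line for whatever wrapper (MSI, scheduled task) runs this.
Get-BitLockerVolume -MountPoint $mountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

The escrow call only succeeds on a device that is Azure AD-joined (or hybrid-joined) and signed in with an account that can reach Azure AD; on a purely local or domain-only machine it throws, which the `catch` block surfaces as a warning.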
This is a feature we are after too. We are comparing Intune with Meraki, which offers this service for FileVault, and we love it. I would like to see Intune step up and at least provide encryption support through BitLocker. I would also like FileVault, but that may be another thread.
We currently have MBAM for key management but it would be extremely nice to support this for off-site clients.
Aaron Houdeshell commented
We have a requirement that all of our laptops have BitLocker encryption turned on. It would be nice if Intune could report to us which devices for some reason have it turned off, without the device having to be enrolled into Intune as a mobile device. BitLocker is a Microsoft product, so why can't the Intune client already installed on the devices report this? This would make Intune the one-stop application for us. Thanks
Marc V commented
We are in trial using Intune and so far we are liking the product as well as support, but this is the first major drawback we hope gets added in.
We currently use SCCM/AD to monitor and manage BitLocker. We use AD to store our BitLocker keys but we use SCCM to create custom collections/reports to monitor and act on managed devices that are compliant or non-compliant.
We are a smaller organization so we are trying to just use Intune standalone by itself to manage our devices without a SCCM hybrid solution, and a BitLocker management feature would greatly help in doing that.
We hope it gets added!
Ryan Sheldon commented
While we currently utilize BitLocker with Active Directory, being able to lessen our dependence on the on-premises servers and move these features to the cloud would help. Having BitLocker integration with Intune would allow us to maintain encryption on our remote endpoints without worrying about key storage/recovery or encryption compliance.
Aaron Marks commented
We want this too.
I need this ability too! Is it available yet in the current version of Intune?
I need the ability to audit whether or not all fixed (non-removable) disk drives are encrypted. Additionally, being able to capture the encryption keys centrally would be a nice-to-have.