This looks to be resolved with Windows 10 1809.
Silent BitLocker and Windows RE status remains enabled.
When you enable BitLocker it will present the following message: "You will no longer be able to use Windows Recovery Environment if you enable Bitlocker".
At this point the recovery partition is no longer available. If you manually try to reset the machine via Settings > Update & Security > Recovery > Get Started > Remove everything, you will get the message:
Could not find the recovery environment.
However, it looks like if you run:
reagentc /enable (deploy via GPO or SCCM, needs to be run as admin)
It will create a recovery partition after you have enabled BitLocker. Tested this with 1709 and it has worked on one machine.
You could run into trouble with the sizing of the partition as per:
Will test this with additional machines and will provide an update.
Can you please advise on this?
We are using 1809 with hybrid join and as per the problem statement, this is confusing for deployment.
The keys are stored in local AD rather than AAD or the user AAD profile.
Can Quick Assist also be locked down to specific users? I find it odd that anyone in the world can connect to corporate devices via Quick Assist.
Thanks for the comments, just a few questions to the gallery.
What platform is this issue with? I’m only seeing iOS devices in your comments, so wanted to double check.
Also, are you having this issue with shared devices or just re-deployment? Unclear from all the comments. Do you want to keep all installed apps on the devices? Depending on your platform, you should be able to already do this for shared devices.
Windows 10 devices as well please. Also, when using the DEM account, I should then be able to assign this to the end-user.
Yep concur with this... the only workaround is to change the name of the OMA-URI from .../Office16ADMX to .../Office16ADMX2.
This will then apply new settings added to the string... however, it does not remove existing settings if they are no longer listed. Not sure what it does to existing settings that remain, which might have had GPO settings changed.
Also, what are the implications with the new Administrative Templates features which were discussed at Ignite: https://oliverkieselbach.com/2018/09/29/ignite-2018-my-wrap-up/
If I implement the Office 2016 ADMX ingestion, will the settings clash with the new feature update?
Seems very beta all of this... the only way I can truly update an ADMX policy today is to delete the keys listed under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Admxinstalled
Any update on this? As stated, if we are looking to move to the internet to deploy and patch Office 365, what is the method of ensuring that we do not flood the network?
I appreciate that the download sizes are minimized as per:
However, if you have 1,000 devices all connecting out on the same internet pipe this isn't a great scenario.
Is there any update on this? There is an unnecessary additional cost to the business to allow users to administer Intune when using RBAC.
3 votes · bally shared this idea