Blog Post

Microsoft Intune Blog
5 MIN READ

Microsoft expands BitLocker management capabilities for the enterprise

Dilip_Radhakrishnan's avatar
Dilip_Radhakrishnan
Icon for Microsoft rankMicrosoft
May 08, 2019
Microsoft is excited to announce enhancements to BitLocker management capabilities in both Microsoft Intune and System Center Configuration Manager (SCCM), coming in the second half of 2019. Whether ...
Updated Apr 02, 2020
Version 3.0
Enterprise Mobility + Security
Information Protection.
microsoft intune
Modern Desktop
Unified Endpoint Management
TodFrancis's avatar
TodFrancis
Copper Contributor
Oct 06, 2020

Have I missed something, or have these features not been released?

 

We have been using MBAM to escrow recovery keys.  Due to MBAM support ending we need to migrate to Azure AD.  We are already running in a mixed MBAM/Azure AD mode due to InTune provisioning for new clients.  We could script all clients to backup their keys to Azure AD, but this doesn't address clients who are not regularly checking in, and especially doesn't address any clients which have been kept for legal hold reasons.  

 

I am also unable to find any information on recovery key access auditing for Azure AD stored keys, only this under-represented UserVoice request: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/39903610-audit-log-for-accessing-bitlocker-recovery-keys-in.  I understand MBAM extended support goes until 2026, but it would be great if customers were provided migration paths that offered what we need from a legal/audit perspective.