If you enroll a Windows 10 device in Microsoft Intune you can manage this device as a Mobile Device, hence the name Mobile Device Management (MDM). And of course you can do all sorts of fantastic things with it!
You can trow policies at the device, configuration items, software, updates et cetera et cetera!
And most of this can be done transparant (i.e. invisible) to the user of this device.
But sometimes it good to show something to a user. Recently I was in a little discussion with a collegue about enabeling Bitlocker on a managed device. Of course you should do it when preparing a device, but this was a migration and the devices where not Bitlockered 🙁
So you can do this invisible, but I stated that it would be a GOOD thing to show the user that the drive would be encrypted so they know that their data is protected.
So and how does this look like?
So first the user is informed that his or her device needs to be encrypted.
And if the user clicks on the flyout or message a Bitlocker Wizard starts.
It could be that the device the user is using doesn’t meet the requirements of Bitlocker. Found here: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq
And then this baby will pop-up!
But if we are all set and good to go we can continue with the wizard. Backing up the recovery key. I can say that the first option – Save to your cloud domain account is by far the best option!
Saving the key 🙂
To encrypt your disk you have tweo options, self-explaning I think!
And off we go!
You can monitor the progress
And if you close the screen above, well you find the progress in the taskbar. Nice.
And after a while, it’s pretty quick on those nice SSD’s, your disk is encrypted. Safe.