Intune - BitLocker - Azure AD Joined - Script ?

Julien bastin 21 Reputation points
2021-03-26T14:39:01.713+00:00

Hello everyone,

I'm a newbie with Microsoft Intune, and relatively new in my job.

For a client I have to migrate him from AirWatch to Intune, but I have a problem with encryption: my client would like to activate encryption silently on his devices without the pop-up. I explained to him that it's possible, but only if the devices are Azure AD joined, and I showed him how to do it, but the problem is: for a device to be able to join via Azure AD, it can't be previously joined via AD (on-premises), so he disconnected from Active Directory (Settings > Accounts > Access Work or School > Disconnect button).

But when he did the manipulation, of course he couldn't access network shares, etc., provided by his previous AD (on-premises).

So I'm looking for a solution to allow BitLocker to encrypt the devices silently and to send the keys back to Azure AD or Intune. I was thinking about a script to use with Intune?

Do you have a better solution?

PS: Another problem is that if the user is joined via Azure AD and connects with his account johndoe@mycompany.com, some applications will not work, because my client uses "special" usernames like SP-01 to work with some applications.

Thank you in advance, and sorry for my bad English.

Azure Disk Encryption
Microsoft Intune
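The question asks about a script that encrypts the OS drive silently and escrows the recovery key to Azure AD. The following PowerShell is an added example, not code from the question or from the accepted answer, and it does not replace the Hybrid Azure AD join the answer recommends; it assumes a Windows 10/11 device with a ready TPM and the built-in BitLocker and TrustedPlatformModule modules, already registered in Azure AD (Azure AD joined or Hybrid Azure AD joined), and that it runs as SYSTEM, e.g. deployed as an Intune PowerShell script. The `BackupToAAD-BitLockerKeyProtector` cmdlet is the real one Windows ships; the drive, encryption method and log path are the example's own choices.

```powershell
# Added example (not part of the original thread). Assumed: device is Azure AD
# registered (AADJ or Hybrid AADJ), TPM present and ready, script runs as SYSTEM.
$ErrorActionPreference = 'Stop'
$OSDrive = $env:SystemDrive          # normally "C:"

# Silent encryption is only possible with a TPM protector: no PIN/password prompt.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Output "TPM not present or not ready; cannot encrypt silently."
    exit 1
}

$volume = Get-BitLockerVolume -MountPoint $OSDrive

# Only start encryption when the drive is still fully decrypted.
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    # Recovery password protector: this is what gets escrowed to Azure AD.
    Enable-BitLocker -MountPoint $OSDrive `
        -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly `
        -RecoveryPasswordProtector `
        -SkipHardwareTest | Out-Null

    # TPM protector so the OS volume unlocks at boot without user interaction.
    Add-BitLockerKeyProtector -MountPoint $OSDrive -TpmProtector | Out-Null
}

# Escrow every recovery password protector to Azure AD (idempotent: re-running
# just re-uploads the same protector IDs).
$volume = Get-BitLockerVolume -MountPoint $OSDrive
$recoveryProtectors = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    Write-Output "No recovery password protector found on $OSDrive; nothing to escrow."
    exit 1
}

foreach ($kp in $recoveryProtectors) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $kp.KeyProtectorId
    Write-Output "Escrowed recovery protector $($kp.KeyProtectorId) for $OSDrive to Azure AD."
}
```

Two checks worth keeping: the TPM check up front, because without a TPM the only protectors available require user input and the encryption is no longer silent; and the escrow step running on every execution, because `BackupToAAD-BitLockerKeyProtector` fails if the device is not registered in Azure AD, so a device that was still only on-premises joined when the script first ran will escrow its key once it is Hybrid Azure AD joined. The recovery key then appears under the device object in Azure AD / Intune, where it can be audited and retrieved.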

Accepted answer
  1. Crystal-MSFT 42,631 Reputation points Microsoft Vendor
    2021-03-29T01:53:02.517+00:00

    @Julien bastin, Thanks for posting in our Q&A. Based on our official article, to manage BitLocker, the devices can be Azure AD joined or Hybrid Azure AD joined.
    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#manage-bitlocker

    From your description, the device on which we want to manage BitLocker is joined to on-premises AD. For these devices Hybrid Azure AD join may be more suitable. We can see more details for Hybrid Azure AD joined devices in the following article:
    https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid

    To configure Hybrid Azure AD join, we can choose one of the following methods according to our domain type:
    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains

    For your question, I think when we choose Hybrid Azure AD join, the user can still use their on-premises domain account to access applications.

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
