question

Julienbastin-4226 asked Crystal-MSFT edited

Intune - BitLocker - Azure AD Joined - Script ?

Hello everyone,

I'm a newbie with Microsoft Intune, and relatively new in my job.

For a client, I have to migrate him from AirWatch to Intune, but I have a problem with encryption: my client would like to activate encryption silently on his devices without the pop-up. I explained to him that it's possible, but only if the devices are Azure AD joined. I showed him how to do it, but the problem is: for a device to be able to join via Azure AD, it can't be joined previously via AD (on-premises), so he disconnected from Active Directory (Settings > Accounts > Access Work or School, then the Disconnect button).

But when he did this, of course he couldn't access the network shares, etc. provided by his previous AD (on-premises).

So I'm looking for a solution to allow BitLocker to encrypt the devices silently and to get the keys back to Azure AD or Intune. I was thinking about a script, to use with Intune?

Do you have a better solution ?

PS: Another problem is that if the user is joined via Azure AD and connects with his account johndoe@mycompany.com, some applications will not work, because my client uses "special" usernames like SP-01 to work with some applications.

Thank you in advance, and sorry for my bad English.

Tags: mem-intune-general, azure-disk-encryption
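The kind of Intune-deployed script the question asks about, as an added example that is not from this thread: it turns on BitLocker for the OS drive with a TPM protector only (so the user sees no prompt) and escrows the recovery password to Azure AD. It assumes Windows 10/11 with a ready TPM, a device that is Azure AD joined or hybrid Azure AD joined, and that Intune runs it as SYSTEM.

```powershell
# Added example, not code from the thread. Assumes: Windows 10/11 with a ready TPM,
# the device is Azure AD joined or hybrid Azure AD joined, and Intune runs this as SYSTEM.
$ErrorActionPreference = 'Stop'
$osDrive = $env:SystemDrive

# Without a usable TPM there is no silent path: stop and report instead of prompting the user.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Output "TPM not present or not ready; BitLocker was not enabled."
    exit 1
}

$vol = Get-BitLockerVolume -MountPoint $osDrive

# Start encryption only if the OS volume is still fully decrypted.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    # Create the recovery password first so it can be escrowed before protection is on.
    Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
        -RecoveryPasswordProtector -SkipHardwareTest | Out-Null
}

# Ensure a TPM protector exists: it unlocks the drive at boot with no PIN or password prompt.
$vol = Get-BitLockerVolume -MountPoint $osDrive
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
    Add-BitLockerKeyProtector -MountPoint $osDrive -TpmProtector | Out-Null
}

# Escrow every recovery password to Azure AD; it then appears on the device object
# in Azure AD / Intune, which is where the question wants the keys to end up.
$vol = Get-BitLockerVolume -MountPoint $osDrive
foreach ($p in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
    Write-Output "Escrowed recovery password $($p.KeyProtectorId) to Azure AD."
}
```

The supported way to get the same result is an Intune endpoint security disk encryption policy; the script is the fallback the question mentions, and BackupToAAD-BitLockerKeyProtector only succeeds on devices that are Azure AD joined or hybrid joined.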

1 Answer

Crystal-MSFT answered Crystal-MSFT edited

@Julienbastin-4226, Thanks for posting in our Q&A. Based on our official article, to manage BitLocker, the devices can be Azure AD joined or hybrid Azure AD joined.
https://docs.microsoft.com/en-us/mem/intune/protect/encrypt-devices#manage-bitlocker

From your description, the device on which we want to manage BitLocker is joined to on-premises AD. For these devices, hybrid Azure AD join may be more suitable. We can see more details about hybrid Azure AD joined devices in the following article:
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid

To configure hybrid Azure AD join, we can choose one of the following methods according to our domain type:
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains

For your question, I think when we choose hybrid Azure AD join, the user can still use their on-premises domain account to access applications.

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




@Julienbastin-4226, Hope things are going well. I am writing to see if there's anything unclear in our previous reply. If there's still anything else we can help with, feel free to let us know.

Thanks and have a nice day!

0 Votes

Hello,

Thank you very much for your reply.

My client will implement this solution (hybrid Azure AD) to see if it meets his needs; if not, I'll try with a script directly in Intune.

Thank you again.
Best regards.

0 Votes

Crystal-MSFT (replying to Julienbastin-4226)

@Julienbastin-4226, Thanks for the response. If there's anything we can help with in the future, feel free to post in our Q&A. We are always glad to help.

Have a nice day!

0 Votes