How to Azure AD Join a Windows 10 Home device? - Microsoft Q&A
How to join a Windows 10 computer to your Azure Active Directory - Xenit
When joining a computer to AAD, either manually or by using a provisioning package, BitLocker will be enabled automatically if your device has the necessary prerequisites.
However, in case BitLocker is disabled, this is how you enable BitLocker, save the BitLocker key protector (also known as the recovery key) to AAD, and recover the key if you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the policy to all Mobile Users.
Like so… Now, from the user side, they will receive a notification that their device is not compliant with company policy and that Encryption is needed. Click on the notification to start the encryption process. Make sure that you save the recovery key to your cloud account. You will be notified that the recovery key is saved. Start encryption and go to a long lunch. This can take some time… But know that you can work as normal alongside the encryption process.
Now the encryption process is done and your data is secure. But how do we recover the drive in the case where we lose access to it? Well, the key is stored in AAD and can be recovered easily by the end-user themselves or by an administrator.
Go to Users and Groups and search for the user. And there you go. There is no way to automate the Encryption process from Intune. But I hope we at some point will be able to execute PowerShell scripts, where we could automate the process.
If you want to experiment with PowerShell, here is the script I created. It works and it simply does the same as the manual step above. Stay tuned for more posts.
The event log says successfully backed up. But how can we then access the recovery key? Any ideas? Have you found a way to get a recovery key via PowerShell?
I have done the bitlocker encryption policy and successfully pushed the policy on Windows 10 machines. The recovery key will be uploaded to AAD computer object when the User starts the encryption process. For always on-connected-standby devices it will happen when they do the Azure AD Join.
Your solution seems to assume that KeyProtector[1] is the recovery password. I think this would be better: I have on-premises environment, and machines are synced to Azure AD. And no recovery keys are shown at both devices.
Is that possible to export a report for all users in AzureAD that their bitlocker recovery keys have been uploaded to Azure AD or not? Very good article. Perhaps You have thoughts on this? Great content useful for all the candidates of Windows Azure Training who want to kick start these career in Windows Azure Training field. Great Article. Thanks for sharing info. Digital Marketing Course in Hyderabad. Is there a way of kicking off encryption using azure and bit locker during the imaging process for a new or reimaged machine instead of waiting for GP to see the machine?
Before we rolled out Intune we could retrieve the Bitlocker Keys over the portal. Now the only show under devices for admins. Thanks for sharing this valuable information to our vision. You have posted a trust worthy blog keep sharing. First You got a great blog. I will be interested in more similar topics. I commend you for your excellent report on the knowledge that you have shared in this blog. Your post is helping me a lot. Its really nice and epic. Thanks a lot for the useful info on this topic.
You did it so much well. I love to see more about GBWhatsApp. Keep sharing and updating. Also share more posts with us. Thank you. She is one of the young and dynamic doctors of Hyderabad. Sreemanju hospital advanced cancer treatment and care using the latest equipment and technology.
Make sure you do not have any other Device Encryption software installed and click Yes.
Choose the new Encryption mode which is Xts Aes. Start encryption and go to a long lunch. Confirm that the encryption process is complete. By Marius A. About the Author: Marius A. Other parts of my work consist of speaking and presenting at different events and seminars, doing research and blogging about solutions I find and products I work with.
I truly believe in a strong community where knowledge and know-how is essential. Creating creative arenas where it is possible for peers to spread the word about new technologies and solutions is key and as an act on this I co-founded System Center User Group Norway www.
Why Should I Care About Joining a Windows 10 Device to Azure AD? - Directions Training.
The next step is to reconnect to a network and join the system to Azure AD using the account with a valid subscription applied.
How should I join this Windows 10 Home? Thank you! Windows 10 Home edition cannot be joined to a domain. Hi, As Dave mentioned, Windows 10 Home edition cannot be joined to a domain. Many thanks! Sorry for the misdirection. You can provide this feedback using link at page bottom here. Can someone shed some light on this please?
But if your users can sign up for a Pandora or iTunes account (and seriously, we know they can) they can join Azure AD. Users can use the Office accounts to sign into the computer now! Up until this Azure Active Directory join development, your users had to sign into their computers using either a domain, local, or Microsoft personal account, and then sign in AGAIN (the horror!)
The horror! Single Sign-on SSO is also supported in Azure Active Directory for a lot of SaaS applications out there, so your Office users will only need to sign in once and away-yay-yay they go! Because what do your users need? One more user name and password to forget so you can reset it so they can forget it again in two weeks? Or the ability to just bounce over to something like SalesForce.