MC667125 – (Updated) Plan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot

check before: 2023-08-26

Product:

Entra ID, Intune

Platform:

World tenant

Status:

Change type:

Admin impact, Feature update, Updated message, User impact

Links:

Details:

Updated August 17, 2023: The content below has been updated for clarity.
Microsoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-08-12

updated:
2023-08-18

changes*

Date: 2023-08-18
Property: MC prepare
old:
To ensure a smooth transition, please notify your helpdesk of this change. Additionally, update your documentation to one of the following options:
Temporarily note the BitLocker recovery key prior to a restore as documented BitLocker recovery guide - Windows Security | Microsoft Learn.
Contact the helpdesk or IT Admin to unlock self-service access.
https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan#give-the-user-the-recovery-password
new:
To ensure a smooth transition, please notify your helpdesk of this change. Additionally, update your documentation to one of the following options:
Temporarily note the BitLocker recovery key prior to a restore as documented BitLocker recovery guide - Windows Security | Microsoft Learn.
Contact the helpdesk or IT Admin to unlock self-service access.
https://learn.microsoft.com/en-us/autopilot/windows-autopilot-reset#reset-devices-with-remote-windows-autopilot-reset
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan#give-the-user-the-recovery-password
https://learn.microsoft.com/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user

Date: 2023-08-18
Property: MC MessageTagNames
old:
Feature update, User impact, Admin impact
new:
Updated message, Feature update, User impact, Admin impact

Date: 2023-08-18
Property: MC Last Updated
old:
08/12/2023 05:31:37
new:
2023-08-17T23:15:18Z

Date: 2023-08-18
Property: MC Messages
old:
Microsoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.
new:
Updated August 17, 2023: The content below has been updated for clarity.
Microsoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.

Date: 2023-08-18
Property: MC Title
old:
Plan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot
new:
(Updated) Plan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot

Date: 2023-08-18
Property: MC How Affect
old:
IT admins will continue to have full access to recovery keys both before and after this change. However, after this change, the IT admin will need to explicitly allow access to the self-service BitLocker recovery key on a per-user basis. If an IT admin is re-issuing a Windows device to a new user, they should update the user within Azure AD and Intune, and also authorize self-service BitLocker recovery.
User impact: This change will only affect users who have been allowed self-service recovery of BitLocker keys during Autopilot, specifically in the case of a device restore or reset.
new:
IT admins will continue to have full access to recovery keys both before and after this change.
User impact: This change will only affect new primary users of the Autopilot device who have been allowed self-service recovery of BitLocker keys to that device. Note: There is no impact if the devices’ primary user does not change across the device restore or reset.
Self-service BitLocker access will continue to work the same if the IT admin performs either:
A remote Autopilot Reset (see Reset devices with remote Windows Autopilot Reset).
Remove the current primary user or reassign to the new intended primary user prior to the device being reset or reimaged (see Change a device's primary user).
If the new primary user is unable to access BitLocker self-service after changing from a previous primary user, then the IT admin should update the primary user in the device properties which will update to the new user upon the next check-in.

*starting April 2022

Last updated 1 month ago
