Search

MC667125 – (Updated) Plan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot (archived)

Intune Icon

check before: 2023-08-26

Product:

Azure Active Directory, Entra, Entra ID, Intune

Platform:

World tenant

Status:

Change type:

Admin impact, Feature update, Updated message, User impact

Links:

Details:

Updated August 17, 2023: The content below has been updated for clarity.
Microsoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-08-12

updated:
2023-08-18

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2023-08-18MC prepareTo ensure a smooth transition, please notify your helpdesk of this change. Additionally, update your documentation to one of the following options:
Temporarily note the BitLocker recovery key prior to a restore as documented BitLocker recovery guide - Windows Security | Microsoft Learn.
Contact the helpdesk or IT Admin to unlock self-service access.
https://learn.microsoft.com/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan#give-the-user-the-recovery-password
To ensure a smooth transition, please notify your helpdesk of this change. Additionally, update your documentation to one of the following options:

Temporarily note the BitLocker recovery key prior to a restore as documented BitLocker recovery guide - Windows Security | Microsoft Learn.

Contact the helpdesk or IT Admin to unlock self-service access.
https://learn.microsoft.com/en-us/autopilot/windows-autopilot-reset#reset-devices-with-remote-windows-autopilot-reset
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan#give-the-user-the-recovery-password
https://learn.microsoft.com/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user
2023-08-18MC MessageTagNamesFeature update, User impact, Admin impactUpdated message, Feature update, User impact, Admin impact
2023-08-18MC Last Updated08/12/2023 05:31:372023-08-17T23:15:18Z
2023-08-18MC MessagesMicrosoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.Updated August 17, 2023: The content below has been updated for clarity.
Microsoft Intune will be changing how BitLocker resets occur for re-used Windows Autopilot devices in the September (2309) service release. Previously, users could self-service access the BitLocker recovery key when re-using devices that have been configured through Windows Autopilot. However, after the change, users will need to contact their IT admin to request a restore or access to the BitLocker recovery key.
2023-08-18MC TitlePlan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot(Updated) Plan for Change: Update to BitLocker Recovery Key Process for Windows Autopilot
2023-08-18MC How AffectIT admins will continue to have full access to recovery keys both before and after this change. However, after this change, the IT admin will need to explicitly allow access to the self-service BitLocker recovery key on a per-user basis. If an IT admin is re-issuing a Windows device to a new user, they should update the user within Azure AD and Intune, and also authorize self-service BitLocker recovery.
User impact: This change will only affect users who have been allowed self-service recovery of BitLocker keys during Autopilot, specifically in the case of a device restore or reset.
IT admins will continue to have full access to recovery keys both before and after this change.
User impact: This change will only affect new primary users of the Autopilot device who have been allowed self-service recovery of BitLocker keys to that device. Note: There is no impact if the devices’ primary user does not change across the device restore or reset.
Self-service BitLocker access will continue to work the same if the IT admin performs either:
A remote Autopilot Reset (see Reset devices with remote Windows Autopilot Reset).
Remove the current primary user or reassign to the new intended primary user prior to the device being reset or reimaged (see Change a device's primary user).
If the new primary user is unable to access BitLocker self-service after changing from a previous primary user, then the IT admin should update the primary user in the device properties which will update to the new user upon the next check-in.

*starting April 2022

Last updated 6 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!