This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 66%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
So we are enrolling all out computers into intune. They have on prem bitlocker enabled. If we duplicate the bitlocker policy we have in gpo in intune do we need to do anything on the currently bitlockered machines to be able to view and rotate keys on those devices
Not really, but once you switch to Intune, you will need to un-assign the GPO or else there will be conflicts.
Hello Rahul, Thank you for the answer. Once we disable the gpo and enact the endpoint security policy will the old keys show or will we need to rotate the key to get it to appear In entra and intune for already encrypted device?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Michael Steszewski, Thanks for posting in Q&A. To move BitLocker to Intune, we can upload their Bitlocker info to Microsoft Entra ID, deploy BitLocker policies using Intune and turn off the GPO. As a note, please ensure the encryption methods match. Here is a link with more details for your reference:
Note: Non-Microsoft link, just for the reference.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.