How to configuring Disk Encryption Recovery Backup in Entra ID Using Endpoint Security Policy Template

Question

The policy template in Endpoint security | Disk encryption doesn’t provide an option to back up the recovery information in Entra ID instead of AD DS. It looks like the policy template has recently changed and is now missing the backup options to Entra ID. Could you please provide guidance on how to configure this with the current template using Intune?

Endpoint security | Disk encryption only list AD DS options:

Using a policy template -> Endpoint offer Entra ID options:

Answer 1

Hi @Matthew Roll ,

Thank you for posting your query on Microsoft Q&A. I am Saiteja from Q&A will be assisting you with your query.

Based on your query, I understand that you would like to enable the Disk encryption using Microsoft Intune and save it to Microsoft Entra ID.

I believe this option comes up when you have enabled any GPO in your active directory to save the bit locker in your ADDS. This GPO generally configured using these steps: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption, Enable the policy Store BitLocker recovery information in Active Directory Domain Services (AD DS). You can disable the policy and follow our new documents of Microsoft Intune: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices

This is the newest documents and are the options currently available with Microsoft Intune. You can also find what's new in Microsoft Intune using this document: https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#new-disk-encryption-template-for-personal-data-encryption

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".