We have MECM version 2010 and Co-Management enabled.
Also, a Windows 10 bare-metal deployment Task Sequence is already in place and working fine.
We prepare the MECM imaging in our store location, and once the system is ready (without encryption as of now), we give it to the end user.
However, we recently completed the Intune BitLocker encryption testing on Co-Managed systems.
Now we need to give the system to the end user already encrypted with Intune BitLocker.
I would like your suggestions for minimizing the time it takes to get the system ready (imaged system with TS + Intune BDE).
We see a lot of time and waiting in the steps below:
- Complete the online imaging from MECM Task Sequence
- Wait till the system becomes Co-Managed
- Add the system to the "Co-Management BitLocker Workload Collection" (as we don't want BDE for all Co-Managed systems, a separate pilot collection was created)
- Add the hostname into "BitLocker Encryption Policy" security group in Intune
- Wait for the encryption policy to sync and complete the encryption
Also, we have a doubt about this process: as it is completed under the engineer's domain ID, after the system is given to the end user, will the end user be able to see the recovery keys in the https://myaccount.microsoft.com/device-list portal using his login ID and use them in case of recovery?
How are such scenarios handled in an MECM Co-Management environment with Intune encryption?
Thanks in advance.
Thanks and regards,