No, you cannot hide the key today. We are working on this functionality though. Same with additional auditing.
Hide "View Bitlocker Keys" Option in My Account page
We are using Intune Encryption on Windows 10 systems. As I understand it, an enrolled user can see the recovery keys on the My Account page (https://myaccount.microsoft.com/device-list).
There is a chance of data loss from a legitimate user if the user has access to the recovery keys. Please correct me if my understanding is wrong. How can we address this security point? Can we hide the "View Bitlocker Keys" option from the My Account page so that, in case of recovery, the user will always connect with the internal Azure AD team for the recovery keys?
Also, do let us know whether the audit log in the Intune portal captures when a user accesses / reads the BitLocker keys.
Please share your views on it.
Thanks and regards,
Please use this guide: https://www.anoopcnair.com/block-hide-bitlocker-recovery-key-users-graph/
As I understand, it's possible using the Intune Graph API.