I want to enable device encryption using BitLocker – should have done this yonks ago when it was easy. Windows 11 Pro, MS 365 subscriptions.

On our PCs I always have two logins: an Admin account - occasional use for the obvious, and a Standard User account that is the normal daily grind account. Both accounts have local login. So far. The User account does have a linked MS 365 account once logged in. MS 365 Office is on all PCs in the Standard User accounts, not the Admin Accounts.

As it’s an admin job, it should be done from the Admin account, but I cannot, for to activate BitLocker it requires an MS account. I can do it from the Standard User account - it asks for an Admin PW and presumably Windows sees the active MS365 user account.

There seem to be three ways to do this.

1. Using the Standard User account as above. Recovery key cannot be saved to OneDrive, but a text file can be created.
2. Change the Standard User account to an Admin account and proceed with BitLocker, then back to a Standard User account. This may mean I can save the Recovery Key to OneDrive.
3. Create an administrative MS account and use this for all the admin accounts on the PCs. I would imagine that if each Recovery Key has a unique name, multiple BitLocker Recovery Keys can be saved to OneDrive. MS seem to be getting tighter about having an MS account so that would get around possible future issues. There are enough spare users left on the MS365 licence to do this.

My inclination is to create yet another MS account for Admin logins. Any thoughts?