Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


MartinGZ

359 posts

Ultimate Geek

Subscriber

#303510 15-Feb-2023 12:34
Send private message

I want to enable device encryption using BitLocker – should have done this yonks ago when it was easy. Windows 11 Pro, MS 365 subscriptions.

 

On our PCs I always have two logins: an Admin account - occasional use for the obvious, and a Standard User account that is the normal daily grind account. Both accounts have local login. So far. The User account does have a linked MS 365 account once logged in. MS 365 Office is on all PCs in the Standard User accounts, not the Admin Accounts.

 

As it’s an admin job, it should be done from the Admin account, but I cannot, for to activate BitLocker it requires an MS account. I can do it from the Standard User account - it asks for an Admin PW and presumably Windows sees the active MS365 user account.

 

There seem to be three ways to do this.

 

     

  1. Using the Standard User account as above. Recovery key cannot be saved to OneDrive, but text file can be created.
  2. Change the Standard User account to an Admin account and proceed with BitLocker, then back to a Standard User account. This may mean I can save the Recovery Key to OneDrive.
  3. Create an administrative MS account and use this for all the admin accounts on the PCs. I would imagine, that if each Recovery Key has a unique name, multiple BitLocker Recovery Keys can be saved to OneDrive. MS seem to be getting tighter about having a MS account so that would get around possible future issues. There are enough spare users left on the MS365 licence to do this.

 

My inclination is to create yet another MS account for Admin logins. Any thoughts?


Create new topic
bagheera
539 posts

Ultimate Geek


  #3037041 15-Feb-2023 14:10
Send private message

you say it M365? what flavour? If it Business Premium, use intune to turn on and job done




MartinGZ

359 posts

Ultimate Geek

Subscriber

  #3037096 15-Feb-2023 15:54
Send private message

bagheera:

 

you say it M365? what flavour? If it Business Premium, use intune to turn on and job done

 

 

Sorry, I should have mentioned it was Family. So no access to the corporate side of things.


MartinGZ

359 posts

Ultimate Geek

Subscriber

  #3039534 20-Feb-2023 17:26
Send private message

Just thought I'd update this.

 

I decided to go with Option 3 and created a new Microsoft email address to use as a Admin login to our PCs. I don't think we are going to get away from MS insisting on an email address for logins, after all they are required by Apple and Google. It also future proofs one aspect of controlling the PCs, and in the end I think is a better and cleaner method than the other two.

 

In carrying out the work, it was apparent that there are certain advantages, like being able to easily save all recovery keys to one repository and then copy and paste a couple of copies from there. Plus all the OneDrive advantages like being able to share entire directories with others (probably applicable to other cloud services as well). There were a few complications, as where passible, I'm moving to biometric logins. The steps to do this are relatively straight forward, but trying to figure out the best way to do things for all the PCs at the same time kept the grey cells active.

 

Also apparent are some of the windows legacy aspects. Even though you can change the username for logins, Windows User directories retain the old username - thought that would have changed by now.

 

In the case of Bitlocker itself, it never presented me with the option to encrypt only in-use space or encrypt free space as well, I assume it went with in-use space. Not that it matters as there is only personal stuff on the PCs, just interesting that the option was not presented. The actual encryption seemed to be instantaneous.




lxsw20
3552 posts

Uber Geek

Subscriber

  #3039556 20-Feb-2023 18:12
Send private message

Think I would have just gone with Option 2 myself. Seems the most logical.


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.