Hello,
We have Bitlocker configured via GP to automatically save bitlocker and TPM keys to AD DS.
However whenever I enable encryption on new laptop it ask me to save key manually as well,
I verified its also getting saved to AD at the same time, how can I stop this?
basically it should not ask to save key manually, when its also automatically saving this to AD DS.
I believe this can be stop by disabling GPO : Computer config > policies > admin template > win components > bitlocker drive encryption > "control panel setup : configure recovery option"
currently both options are enabled.
Am I correct with disabling this, or will it create some issues?
Thanks