Intune Bitlocker New Devices Only
Posted by NoMentionTech@reddit | sysadmin | 3 comments
Trying to set up an Intune policy that only applies the BitLocker policy I set up to new devices (or newly imaged/provisioned devices). The frustrating part is that I cannot find a way to make a dynamic group in Entra that will only add devices by a join date (Entra registration date), OS install date, or anything like that. In Intune you can create a compliance policy. You can make a .ps1 script (which I did) that looks at the OS install date, but using the compliance policy (as far as I can tell) you cannot use conditional access or anything to only apply a BitLocker policy on compliant devices; it's more of an all-or-nothing deal.
Has anyone else tried to do anything like this? Was anyone successful? Is there something I am missing?
Any help will be much appreciated. Thanks!
ZAFJB@reddit
Why not just BitLocker everything?
It is less effort for a better result.
gumbrilla@reddit
If you are using Autopilot, you can create a filter based on the Autopilot profile you use. Assign the devices you are building to that Autopilot profile, create a device-based filter based on that profile, and employ that filter on the relevant configuration and compliance entries.
jaydizzleforshizzle@reddit
Create a new deployment profile and add a character to the naming schema and do a dynamic group against that. New devices will be named slightly differently, allowing targeting.
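As an added example (not code from any of the posters above), here is how both suggestions translate into concrete targeting: a dynamic Entra device group keyed on the Autopilot enrollment profile, the equivalent Intune assignment filter rule, and the name-prefix variant for a renamed deployment profile. It uses the Microsoft Graph PowerShell SDK; the profile name "Autopilot-NewBuild", the group names and the "NB-" prefix are assumed placeholders.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph PowerShell SDK
# is installed and an Autopilot deployment profile named "Autopilot-NewBuild"
# (hypothetical) is assigned to the devices being newly built.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Entra dynamic device group rule: membership follows the Autopilot profile the
# device was provisioned with, so only freshly built devices ever land in it.
# Existing, already-enrolled devices never match and keep their current policy.
$profileName = 'Autopilot-NewBuild'
$rule = "(device.enrollmentProfileName -eq ""$profileName"")"

$group = New-MgGroup -DisplayName 'Devices-NewBuild-BitLocker' `
    -Description 'Autopilot-built devices that receive the BitLocker policy' `
    -MailEnabled:$false -MailNickname 'devices-newbuild-bitlocker' `
    -SecurityEnabled -GroupTypes @('DynamicMembership') `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'
Write-Output "Created dynamic group $($group.Id) with rule: $rule"

# The same device property is usable in an Intune assignment filter
# (Tenant administration > Filters, platform "Windows 10 and later").
# Paste this as the filter rule, then include the filter on the BitLocker
# configuration profile's assignment instead of targeting all devices.
$filterRule = '(device.enrollmentProfileName -eq "Autopilot-NewBuild")'
Write-Output "Intune filter rule: $filterRule"

# Variant for the renamed-device approach: a deployment profile whose naming
# template is "NB-%SERIAL%" can be targeted by display-name prefix instead.
$prefixRule = '(device.displayName -startsWith "NB-")'
Write-Output "Alternative dynamic group rule: $prefixRule"
```

Dynamic membership and filter evaluation are not instant, so check the group's members in the Entra portal before relying on it for the BitLocker assignment.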