From 0f16e19e30716f1e5f905222612f327c06f389cf Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 12 Oct 2018 14:59:58 -0700 Subject: [PATCH] First attempt at adding new note --- windows/client-management/mdm/bitlocker-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 5925f48358..7fa03fcf50 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -844,6 +844,9 @@ The following diagram shows the BitLocker configuration service provider in tree ``` +>[!NOTE] +>When the warning prompt is disabled, the recovery key is backed up to your AAD account. When the warning prompt is allowed, the user can select where to back up the recovery key for an OS drive, but for a Fixed drive we choose where the recovery key will be backed up. The endpoint for a Fixed drive's backup is a user account chossen in the order of AD first, then AAD, and finally the User's personal One-Drive (One-Drive is only applicable to MDM/MAM). Encryption will wait until one of these three locations backs up successfully. + **AllowStandardUserEncryption** Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
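Review bot: The added `>[!NOTE]` text has wording problems that matter for a statement about where BitLocker recovery keys end up. "chossen" is a typo for "chosen", and "One-Drive" should be written "OneDrive". "we choose where the recovery key will be backed up" leaves the actor unclear, so say plainly that the system selects the location. The note also sits between the closing code fence and the **AllowStandardUserEncryption** heading without naming the setting that controls "the warning prompt", so a reader cannot tell which policy it describes; name that setting in the first sentence or move the note under its section. "AD" and "AAD" should be spelled out on first use, and "Fixed drive" and "User's" should be lowercased to match the surrounding text. Finally, the first sentence says the key goes to "your AAD account" when the prompt is disabled, while the fixed-drive order lists AD first, so state whether that first sentence applies only to OS drives.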