A
AJP_850
Hi,
Today I carelessly didn't uncheck the "allow my organisation to manage this device" on the Teams login, and I now need to understand what damage has been done and how to repair it. I can see two things:
- A work and school account was created. I have removed this. If I hadn't, would my organisation be able to control how I use my own personal device? is removing it sufficient to prevent this?
- My BitLocker keys were uploaded and are now stored on their systems. I saw them in the Office portal and this link suggests they will also be in Azure Active Directory. Does this mean that Windows uploaded my BitLocker keys without my consent when it created that account?
Finding your BitLocker recovery key in Windows 10 (microsoft.com)
Both these strike me as changes that will make the vast majority of users extremely uncomfortable. The significance of the second point is probably lost on a lot of less technical users. Assuming my understanding is correct (please correct me if I'm wrong) they now have the key required to access my encrypted hard drive.
A couple of questions:
1. Are there any other changes I need to be aware of?
2. Can I change the Bitlocker keys without having to decrypt / encrypt the entire hard drive?
3. If I do change the Bitlocker keys, will the new ones be uploaded again?
(FWIW I can't quite believe that an option with such undesirable and significant consequences is checked by default and does not even remember its previous value.)
Continue reading...
Today I carelessly didn't uncheck the "allow my organisation to manage this device" on the Teams login, and I now need to understand what damage has been done and how to repair it. I can see two things:
- A work and school account was created. I have removed this. If I hadn't, would my organisation be able to control how I use my own personal device? is removing it sufficient to prevent this?
- My BitLocker keys were uploaded and are now stored on their systems. I saw them in the Office portal and this link suggests they will also be in Azure Active Directory. Does this mean that Windows uploaded my BitLocker keys without my consent when it created that account?
Finding your BitLocker recovery key in Windows 10 (microsoft.com)
Both these strike me as changes that will make the vast majority of users extremely uncomfortable. The significance of the second point is probably lost on a lot of less technical users. Assuming my understanding is correct (please correct me if I'm wrong) they now have the key required to access my encrypted hard drive.
A couple of questions:
1. Are there any other changes I need to be aware of?
2. Can I change the Bitlocker keys without having to decrypt / encrypt the entire hard drive?
3. If I do change the Bitlocker keys, will the new ones be uploaded again?
(FWIW I can't quite believe that an option with such undesirable and significant consequences is checked by default and does not even remember its previous value.)
Continue reading...