You must log in or register to comment.
LUKS is extremely easy to setup with a Linux install, and MS will never possess the key. Linux is free to try, can be ran from a USB stick without affecting any existing OS installs, and for most people will be a functional direct replacement with minimal effort to learn the basics.
So basically the US government can unlock any BitLocker encrypted device, anywhere.
Which is to say BitLocker isn’t really doing the thing it’s supposed to be doing.
If you have your bitlocker drive connected to an online Microsoft account: yes.
If not, no, a local account is still technically safe. For now.
It is pretty terrifying that basically all major companies globally can have the keys to any of their computers supplied in secret to the FBI.
These are only the keys saved to Microsoft accounts.
There is nothing to prevent MS from sending the keys from every intune instance.
No such issue with end-to-end encryption, as only the end user devices have the keys. It’s used by Apple (that was the main argument in the FBI wanting to unlock iPhones), some messaging services like Signal and Whatsapp, only mentioning big tech. Of course, you have to trust them when it’s closed source. Here the story is that Microslop chose from the beginning centralized keys that they own and can share. It’ s all well known, but the news is that they really did it.
You don’t have to store them in intune, as far as I know. I’m not a desktop engineer, but I know at my workplace they historically are stored in AD.
Here it depends. Is AD in Azure? This privacy statement seems to indicate that Microsoft has full access to your data and that it’s just company policy that keeps them out.
If your servers are on site and firewalled, then Microsoft would need some sort of remote access tool that tracks each server. This means that on-site licensing and patching needs to be done. I can’t think of any other service off the top of my head, but I’m only a desktop engineer.
