we have some adminsitrators which adminsitrate only specificed groups in the company. Is it possible to limit their access to the recoverykeys of Bitlocker/FileVault to 1 or 2 sub-OU-groups in the AD ?
I'm thinking if you put your OUs in the ePO System Tree. Then create permission sets for the target users, which grant access only to the specified folders and with the target recovery key permissions. This might be a way it could work. Anyone else have any ideas?