Add option to "Suspend BitLocker PIN entry on restart" to suspend PIN entry when user initiates restart
Currently, when "Suspend BitLocker PIN entry on restart" is set to Always, if the user initiates the restart, BitLocker PIN entry will not be suspended. This makes sense if we assume that the user is sitting at their computer when they trigger the restart. Unfortunately, due to COVID-19, we currently have many users accessing their on-prem computers via RDP. If ConfigMgr prompts them to reboot and they click reboot over RDP, their computer will reboot and prompt for PIN entry, requiring the user to physically go into the office and enter the PIN.
BitLocker Network Unlock would likely be the best way to address this issue. This option requires additional infrastructure to be built.
One way to address this would be to rename the current "Always" option to "If User Not Present". Then, add a new option that will always suspend PIN entry for reboots initiated by the ConfigMgr client.
I've ended up here trying to ascertain why the setting, when configured as 'Always', doesn't work when an end-user initiates a restart, passed to the OS by CCMExec.exe. I'm now unclear on when exactly 'Always' works, so perhaps some clarity on the wording would also help.
This would be an excellent add as more folks work from home and still need to access their devices at work. Currently, if the user accepts a restart prompt from a required or available install, a resource must go to the site and physically handle the startup if BitLocker is enabled.