I've been decrypting and removing SEE from machines. This has been going pretty well, I have a task sequence that starts the decryption and monitors it until the decryption finishes and then uninstalls. Unfortunately, if the machine is using MBR the drive will still be instrumented and refuse to uninstall the product.
I experimented, and didn't have much luck. I took a gamble that the drive was no longer encrypted, that I could try purging the mbr to release the pre-boot authentication. That was a really dumb idea. Is there a non-destructive way to get Endpoint Encryption off of an MBR machine? My inplace upgrades are failing and 1803 needs to go (I have about 600 laptops to upgrade).
On the uefi side of the house, the upgrades seem fine. I can set the autologon for the post setup, I split out the drivers for the actual OS upgrade. The MBR machines however seem to have a high fail rate, I'd love to convert them or even do a wipe and reload. Unfortunately we're not in a position for a wipe and reload, and converting while the encryption is still on the machine seems very not-possible.