Looking to deploy BitLocker with Intune but don’t know where to start? This is one of the most common places people start when first getting into Intune.

In this beginner’s guide, you’re going to learn everything you need to know about using Intune to manage BitLocker including recommended settings, how the BitLocker CSP works on the client, and tips if you are migrating from an existing solution.

Prerequisites

Before we jump into configuring, let’s take a look at the prereqs:

- A valid Microsoft Endpoint Manager (Intune) license.
- Devices must be Azure AD or Hybrid Azure AD joined.
- Devices must not be encrypted with third-party disk encryption like McAfee Disk Encryption or WinMagic. You will need to fully decrypt those first.
- Devices can already be BitLocker encrypted and managed with things like MBAM or McAfee MNE. We’ll go into more detail on how to deal with this.

For silent or automatic BitLocker enablement, which will be the focus of this blog, you’ll need a few more things:

- The device must have a TPM chip at version 1.2 or higher (TPM 2.0 strongly recommended).
- If the signed-in user is a standard user then Windor newer is required.
- If they are a local admin then Windor newer is required.

Since those versions are no longer supported, as long as you are on a supported version of Windows 10 or Windows 11 you are good.

Over the years, where you configure BitLocker in the Intune console has changed. These days, Microsoft has moved all of the “security” related items under the Endpoint Security section. While you can still configure BitLocker under the Settings Catalog or via custom-URI, the best practice is to set up everything under Endpoint Security.

Go to Endpoint Security > Disk Encryption > Create Policy.

Configure BitLocker by going to the Endpoint Security area and then “Disk Encryption”.

Under Platform select Windows 10 and later > BitLocker.

Create a new BitLocker profile

What settings should you set?

When you get to the configuration settings page, you may be overwhelmed with the number of different settings that you can configure. which ones are optional or just “nice” to have? Let’s break it down.

The first section is where you configure silent enablement and enforcement of BitLocker.

The first setting, “Enable full disk encryption for OS and fixed data drives” is what “enforces” BitLocker to be turned on.

The setting “Hide Prompt about third-party encryption” is what enables it silently in the background without prompting the end-user.
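The prerequisites listed above can be checked on a client before the policy is assigned. The script below is an added example, not part of the original post; the function name `Test-SilentBitLockerReadiness` is hypothetical, and it assumes an elevated PowerShell session on the device being checked.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): report whether this device meets
# the silent-enablement prerequisites described in the article.
function Test-SilentBitLockerReadiness {
    # Join state: dsregcmd prints lines such as "AzureAdJoined : YES".
    $dsreg        = dsregcmd /status | Out-String
    $aadJoined    = $dsreg -match 'AzureAdJoined\s*:\s*YES'
    $domainJoined = $dsreg -match 'DomainJoined\s*:\s*YES'
    $joinState    = 'Not Azure AD joined'
    if ($aadJoined) { $joinState = 'Azure AD joined' }
    if ($aadJoined -and $domainJoined) { $joinState = 'Hybrid Azure AD joined' }

    # TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec level.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = $null
    if ($tpm -and $tpm.SpecVersion) {
        $null = [version]::TryParse($tpm.SpecVersion.Split(',')[0].Trim(), [ref]$tpmVersion)
    }
    $tpmOk = ($null -ne $tpmVersion) -and ($tpmVersion -ge [version]'1.2')

    # Existing BitLocker state on the OS drive (may already be managed elsewhere).
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    # Note: third-party disk encryption is NOT detected here. BitLocker reports
    # only its own state, so "FullyDecrypted" does not rule out another product.
    [pscustomobject]@{
        JoinState          = $joinState
        JoinOk             = [bool]$aadJoined
        TpmSpecVersion     = $tpmVersion
        TpmMeetsMinimum    = $tpmOk                                   # 1.2 or higher
        TpmIsRecommended   = $tpmOk -and ($tpmVersion -ge [version]'2.0')
        OsVolumeStatus     = $os.VolumeStatus
        OsProtectionStatus = $os.ProtectionStatus
        OsKeyProtectors    = ($os.KeyProtector.KeyProtectorType -join ', ')
        ReadyForSilent     = [bool]($aadJoined -and $tpmOk)
    }
}

Test-SilentBitLockerReadiness | Format-List
```

`ReadyForSilent` covers only the join state and TPM checks; the Windows version requirement and any third-party encryption still need to be confirmed separately.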