Autopilot User-driven mode with Hybrid Join and Silently Enabling Bitlocker

Question

I'm building Windows 10 22H2 Enterprise machines using user-driven Autopilot and AzureAD Hyrid join. We require hybrid join for a very specific reason so AzureAD join is not an option. We also wish to enable Bitlocker with the recovery keys stored in AzureAD.

In this scenario is silent enablement of Bitlocker during Autopilot possible/supported?

jeroenburgerhout · Answer

shocko&nbsp;Please take a look at my blog post for more info to enable your wishes.&nbsp;The BitLocker HAADJ Nightmare (burgerhout.org)

jeroenburgerhout · Answer

For HAADJ devices you need to have a GPO with the settings that I mention in the blog post. Otherwise.. it will not work. Trust me.

shocko · Answer

Thanks for the info. I'm not sure I follow the thread though. We don't use GPO for our Intune enrolled machines. Is it possible to enable Bitlocker silently during user-driven autopilot with the recovery key stored in AzureAD?

shocko · Answer

Yes in understand that we can silently enable Bitlocker for Hybrid join machines using the settings you have indicated (including GPO) but my query is around doing this as part of Autoplilot

jeroenburgerhout · Answer

shocko&nbsp;You can enable Bitlocker during Autopilot through a Endpoint Security -&gt; Disk encyption policy.But I don't know if this works wit HAADJ devices.&nbsp;

Forum Discussion

Autopilot User-driven mode with Hybrid Join and Silently Enabling Bitlocker

Resources