Forum Discussion
StuartK73
Aug 10, 2019
Iron Contributor
BitLocker with non-compatible TPM
Hi All
Would I be correct in saying that to enable BitLocker with non-compatible TPM devices, the following settings should be used:
- Platform Windows 10 and later
- Endpoint protection profile type
- Windows Encryption Settings
- Windows Settings > Encrypt devices = Require
- BitLocker OS drive settings
- Additional authentication at startup = Require
- BitLocker with non-compatible TPM chip = Not configured
These settings prompt the user to encrypt the drive on a test VM and seem to work.
Have I missed anything?
- JonasB (Brass Contributor)
Save the BitLocker key to Azure AD.
Autopilot & 1809 need some specific configurations.
https://techcommunity.microsoft.com/t5/Microsoft-Intune/BitLocker-Encryption-Policy-for-AutoPilot-Devices-Windows-10/m-p/291187
And also make sure the BIOS is updated 🙂
- Simon_Tipple (Copper Contributor)
Both these links have all the steps; they will need to add a password or USB key to encrypt.
https://www.scconfigmgr.com/2018/10/23/enabling-bitlocker-on-non-hsti-devices-with-intune/
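
An added check, not part of any post in this thread: once the profile has applied to a test device, this PowerShell confirms that the OS volume is encrypted, that a device without a usable TPM has a password or USB startup key protector, and that a recovery password exists to be saved to Azure AD. `Test-NonTpmStartupState` is a hypothetical helper name; `Get-Tpm` and `Get-BitLockerVolume` are the built-in cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Test-NonTpmStartupState is a hypothetical helper name.

function Test-NonTpmStartupState {
    param(
        [Parameter(Mandatory)] $Volume,        # object shaped like Get-BitLockerVolume output
        [Parameter(Mandatory)] [bool] $TpmUsable
    )
    # Normalise protector types to strings so the comparisons work on enum values.
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $findings = @()

    if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($Volume.VolumeStatus), expected FullyEncrypted"
    }
    if ([string]$Volume.ProtectionStatus -ne 'On') {
        $findings += "Protection is $($Volume.ProtectionStatus), expected On"
    }
    # Without a usable TPM the OS volume must be unlocked by a password or a USB startup key.
    if (-not $TpmUsable -and -not ($types -contains 'Password' -or $types -contains 'ExternalKey')) {
        $findings += 'No Password or ExternalKey protector on a device without a usable TPM'
    }
    # A recovery password has to exist before it can be saved to Azure AD.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No RecoveryPassword protector present'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        TpmUsable  = $TpmUsable
        Protectors = $types -join ', '
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

$tpm = Get-Tpm
$os  = Get-BitLockerVolume -MountPoint $env:SystemDrive
Test-NonTpmStartupState -Volume $os -TpmUsable ($tpm.TpmPresent -and $tpm.TpmReady)
```

This is a local check only; it does not confirm that the recovery key has reached Azure AD.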