Forum Discussion

Copper Contributor

Jun 02, 2022

Can we configure silent bitlocker to another fixed drive?

about the silent BitLocker can we do it on another fixed drive. I mean not only do it on Drive C(OS drive) can we do it on Drive D,E,F, etc.? on device configure profile in MS Intune

Intune

Mobile Application Management (MAM)

mobile device management (mdm)

mikhailf

Iron Contributor

Jun 02, 2022

Hello mmchx ,

You can do that. Go to Configuration profiles -> Create Profile -> Windows 10/Templates -> Endpoint protection -> Windows Encryption.

There you have "BitLocker OS drive settings" which are OS drive settings and "BitLocker fixed data-drive settings" which are for another fixed drive (D,E...).

NielsScheffers

Iron Contributor

Jun 02, 2022

mikhailf: agreed, but I would've configured it via Endpoint security > Disk encryption.

mmchx: also take a look at Endpoint security > Security baselines. The Defender for Endpoint baseline also configures this.

mmchx
Copper Contributor
Jun 02, 2022
Got it. but what's different btw configure on configuration profile and Endpoint protection?
This one I configure on the configuration profile for doing the silent BitLocker.
- mikhailf
  Iron Contributor
  Jun 02, 2022
  The "Configuration profile" is the old way to configure BitLocker. The "Endpoint Security" is the newer one.
  If "Write access to fixed data-drive not protected by BitLocker" is "Not configured", users will be able to perform write operations to the Data disk without BitLocker.