marckuhn
Aug 12, 2021

Endpoint security - Device encryption policy shows error

Hi all, I have around 100 new HP EliteBooks which I want to configure with BitLocker. We would like to accomplish this in the Endpoint security section and created a Device encryption policy accor...
  • BilalelHadd
    Aug 13, 2021

    Hi Marc,

    Check if you can re-image the Windows 10 client to be sure.

    Below are the settings that differ from yours:

    BitLocker - Base Settings
    Require storage cards to be encrypted (mobile only): Yes
    Configure client-driven recovery password rotation: Azure AD-Joined devices only

    BitLocker - Fixed Drive Settings
    Enable BitLocker after recovery information to store: Not configured

    BitLocker - OS Drive Settings
    Compatible TPM startup: Allowed
    Compatible TPM startup PIN: Blocked
    Compatible TPM startup key: Blocked
    Compatible TPM startup key and PIN: Blocked
    Enable BitLocker after recovery information to store: Not configured
    Block the use of certificate-based data recovery agent (DRA): Yes

    BitLocker - Removable Drive Settings
    Block write access to removable data-drives not protected by BitLocker: Yes

    Hope this helps, and keep me posted.

    Regards, Bilal
