Forum Discussion
CSP Policy for BitLocker Encryption on AutoPilot Devices
After a great deal of experimentation and a https://osddeployment.dk/2018/11/18/how-to-delivering-bitlocker-policy-to-autopilot-devices-to-set-256-bit-encryption/; I tracked down the cause of the issue.
The encryption section of the EndPoint Protection policy does not correctly apply to AAD Joined devices capable of HSTI if the policy is set to Encrypt Device: Require.
I was able to successfully encrypt a device during AutoPilot with AES 256 under the following circumstances.
- Create a brand new Endpoint Protection policy (Important!)
- Apply the encryption settings that you want to set
- Make sure the Encrypt Device setting is set to Not Configured
- Apply the policy to a group containing Azure AD Joined windows devices
- Do not target the policy at user accounts
The policy settings that I used are attached.
After a great deal of experimentation and a https://osddeployment.dk/2018/11/18/how-to-delivering-bitlocker-policy-to-autopilot-devices-to-set-256-bit-encryption/; I tracked down the cause of the issue.
The encryption section of the EndPoint Protection policy does not correctly apply to AAD Joined devices capable of HSTI if the policy is set to Encrypt Device: Require.
I was able to successfully encrypt a device during AutoPilot with AES 256 under the following circumstances.
- Create a brand new Endpoint Protection policy (Important!)
- Apply the encryption settings that you want to set
- Make sure the Encrypt Device setting is set to Not Configured
- Apply the policy to a group containing Azure AD Joined windows devices
- Do not target the policy at user accounts
The policy settings that I used are attached.
So, I am finding a way that we could do this. Any suggestions or thoughts or any methods?