
BitLocker with non-compatible TPM


Hi All

Would I be correct in saying that to enable BitLocker with non-compatible TPM devices, the following settings should be used:

  • Platform Windows 10 and later
  • Endpoint protection profile type
  • Windows Encryption Settings
  • Windows Settings > Encrypt devices = Require
  • BitLocker OS drive settings
  • Additional authentication at startup = Require
  • BitLocker with non-compatible TPM chip = Not configured

These settings prompt the user to encrypt the drive on a test VM and seem to work.

Have I missed anything?

1 Reply
Save the BitLocker key to Azure AD.

Autopilot & 1809 need some specific configurations.
https://techcommunity.microsoft.com/t5/Microsoft-Intune/BitLocker-Encryption-Policy-for-AutoPilot-De...

And also make sure the BIOS is updated :)
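
A way to check on the device what the question and the reply describe, as an added example that is not part of the original thread: it audits the OS volume after the Intune profile has applied and escrows any existing recovery password to Azure AD. It assumes an elevated PowerShell session on a Windows 10 device that is Azure AD joined, and uses only the built-in `Get-Tpm`, `Get-BitLockerVolume` and `BackupToAAD-BitLockerKeyProtector` cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: post-policy audit of BitLocker on the OS drive.
# Assumption: the device is Azure AD joined, otherwise the escrow step fails.

$mount = $env:SystemDrive
$tpm   = Get-Tpm
$vol   = Get-BitLockerVolume -MountPoint $mount

# Protector types currently on the volume (Tpm, TpmPin, Password, ExternalKey, RecoveryPassword, ...)
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptionMethod = $vol.EncryptionMethod
    KeyProtectors    = $types -join ', '
} | Format-List

# On a device without a usable TPM, startup authentication has to come from
# a password or a startup key (ExternalKey) protector.
$startupAuth = @($types | Where-Object { $_ -in 'Password', 'ExternalKey' })
if (-not $tpm.TpmPresent -and $startupAuth.Count -eq 0) {
    Write-Warning "No TPM and no Password/ExternalKey protector on $mount."
}

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "Protection is not On for $mount (VolumeStatus: $($vol.VolumeStatus))."
}

# Escrow every existing recovery password to Azure AD so the drive can be
# recovered if the startup password or key is lost.
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recovery.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector on $mount; nothing to escrow."
} else {
    foreach ($kp in $recovery) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
            -KeyProtectorId $kp.KeyProtectorId | Out-Null
        Write-Output "Escrowed recovery protector $($kp.KeyProtectorId) to Azure AD."
    }
}
```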