Bitlocker does Full Encrypt, but we want Used Space Only


When we implement Bitlocker via InTune it works and we end up with disks Fully Encrypted.

Is it possible to set it so that it will only encrypt "Used Space Only"?

 

I've been digging through the settings but cannot see anything there that looks like the obvious option.

We are able to do Used Space Only encryption if we use the wizard on the workstation, but naturally I'd rather the InTune automation.

5 Replies
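Hi,

Check this https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp#requiredeviceencryption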

Thanks, but I can't see how that helps @Swaminathan_Arumugam 

Are you able to point me to the text that describes specifically how to encrypt "Used Space Only"?

 

Svend.


Hi SvendP,

As far as I know, Silent Encryption uses (Used Space Only) by default (screenshot attached). Here is a great blog about Bitlocker and silent encryption using Intune.

Hope this helps!
Moe

https://www.anoopcnair.com/exploring-bitlocker-drive-encryption/

Blog by our colleague Peter Klapwijk, used it many times before, in case you are having trouble enabling silent encryption.

https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/



Thanks @Moe_Kinani, that certainly confirms that I am not totally blind and there is in fact no option in the UI.

Strangely I do have the Block setting for Warning for other disk encryption which the article states is the actual "silent" part of the implementation, and so it should just do the User Data Only.

 

I'm going to test it on a larger pool of laptops to see if any of them come up with a User Data Only Encryption. I have been informed that many of these workstations had encryption enabled before but that it was disabled so that a firmware update could be carried out. I wonder if that has a bearing on this re-encryption process.

 

Svend.
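
One way to check which mode each laptop in a test pool actually ended up with, as an added example that is not part of the original thread: the function below parses `manage-bde -status` output and classifies the volume as used-space-only or fully encrypted. The function name `Get-BdeConversionInfo` is hypothetical, the sample text is constructed, and English-language `manage-bde` output is assumed.

```powershell
# Added example: classify the BitLocker conversion mode from `manage-bde -status` text.
# Assumption: English-language manage-bde output. Get-BdeConversionInfo is a hypothetical helper.
function Get-BdeConversionInfo {
    param([Parameter(Mandatory)][string[]]$StatusText)

    $info = [ordered]@{
        Volume = $null; ConversionStatus = $null; PercentageEncrypted = $null
        EncryptionMethod = $null; ProtectionStatus = $null; Mode = $null
    }
    foreach ($line in $StatusText) {
        # Header line, e.g. "Volume C: [Windows]"
        if ($line -match '^Volume\s+(\S+:)') { $info['Volume'] = $Matches[1]; continue }
        # Indented "Field Name:   value" lines we care about
        if ($line -match '^\s*(Conversion Status|Percentage Encrypted|Encryption Method|Protection Status):\s*(.+?)\s*$') {
            $info[($Matches[1] -replace '\s', '')] = $Matches[2]
        }
    }
    # Map the conversion status text to a simple mode for reporting
    $info['Mode'] = switch -Regex ([string]$info['ConversionStatus']) {
        '^Used Space Only' { 'UsedSpaceOnly'; break }
        '^Fully Encrypted' { 'Full'; break }
        '^Fully Decrypted' { 'NotEncrypted'; break }
        default            { 'InProgressOrUnknown' }
    }
    [pscustomobject]$info
}

# Constructed sample of `manage-bde -status C:` output, so the parser can be tried offline
$sample = @'
Volume C: [Windows]
[OS Volume]

    Size:                 237.91 GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
'@ -split '\r?\n'

Get-BdeConversionInfo -StatusText $sample   # Mode is UsedSpaceOnly for this sample

# On a real device, from an elevated prompt:
# Get-BdeConversionInfo -StatusText (manage-bde -status $env:SystemDrive)
```

Running the last line on each device and collecting the `Mode` and `ProtectionStatus` fields shows whether previously encrypted or pre-partitioned machines behave differently from freshly provisioned ones.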


My experience has been that it will encrypt full disk if a partition existed prior to Windows install and used space if none existed.