Iron Contributor

Have a question in how we could do this. 


We have devices shipped by our vendor with Bitlocker (128) bit enabled. I want to re-encrypt this with a 256 bitlocker. Now, we have to unenroll the bitlocker to re-enroll it otherwise, we cannot do it. I have a configuration policy that will encrypt it, I have a powershell script that will decrypt it, but these are in separate groups. I want to combine both into one so that as they enroll in Autopilot, it decrypts the bitlocker 128 bit and then re-encrypts it to 256 bit.


Any suggestions, articles or ways that someone who had similar needs has done this please let me know.


Thank you

0 Replies