Can we configure silent bitlocker to another fixed drive?

Copper Contributor

about the silent BitLocker can we do it on another fixed drive. I mean not only do it on Drive C(OS drive) can we do it on Drive D,E,F, etc.? on device configure profile in MS Intune

4 Replies

Hello @mmchx ,


You can do that. Go to Configuration profiles -> Create Profile -> Windows 10/Templates -> Endpoint protection -> Windows Encryption. 

There you have "BitLocker OS drive settings" which are OS drive settings and "BitLocker fixed data-drive settings" which are for another fixed drive (D,E...).

@mikhailf: agreed, but I would've configured it via Endpoint security > Disk encryption. 


@mmchx: also take a look at Endpoint security > Security baselines. The Defender for Endpoint baseline also configures this. 


Got it. but what's different btw configure on configuration profile and Endpoint protection? 

This one I configure on the configuration profile for doing the silent BitLocker. 



The "Configuration profile" is the old way to configure BitLocker. The "Endpoint Security" is the newer one.
If "Write access to fixed data-drive not protected by BitLocker" is "Not configured", users will be able to perform write operations to the Data disk without BitLocker.