
Can we configure silent BitLocker on another fixed drive?

About silent BitLocker: can we do it on another fixed drive? I mean, not only on drive C (the OS drive), but also on drives D, E, F, etc., in a device configuration profile in MS Intune?

4 Replies

Hello @mmchx,

You can do that. Go to Configuration profiles -> Create Profile -> Windows 10/Templates -> Endpoint protection -> Windows Encryption.

There you have "BitLocker OS drive settings", which are the OS drive settings, and "BitLocker fixed data-drive settings", which are for other fixed drives (D, E...).

@mikhailf: agreed, but I would've configured it via Endpoint security > Disk encryption.

@mmchx: also take a look at Endpoint security > Security baselines. The Defender for Endpoint baseline also configures this.

Got it. But what's the difference between configuring it in a configuration profile and in Endpoint protection?

This is what I configured in the configuration profile to do silent BitLocker.

[Screenshot: mmchx_0-1654163599172.png]

The "Configuration profile" is the old way to configure BitLocker. The "Endpoint Security" is the newer one.
If "Write access to fixed data-drive not protected by BitLocker" is "Not configured", users will be able to perform write operations to the Data disk without BitLocker.
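
To check on an endpoint whether the fixed data-drive settings discussed in this thread actually took effect, the following added example (not part of the original thread, and not Microsoft's own script) reports the BitLocker state of every fixed data drive. It assumes an elevated PowerShell session on a Windows device where the built-in BitLocker and Storage modules are available.

```powershell
# Added example: audit BitLocker protection on fixed data drives (D:, E:, ...).
# Assumption: run elevated on the managed Windows device.

# Drive letters of fixed volumes, formatted like BitLocker mount points ("D:").
$fixedLetters = Get-Volume |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter } |
    ForEach-Object { "$($_.DriveLetter):" }

# Keep only data volumes (not the OS drive) that sit on fixed disks,
# so removable media reported as 'Data' are excluded.
$report = Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'Data' -and $fixedLetters -contains $_.MountPoint } |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ Name = 'Protectors'
           Expression = { ($_.KeyProtector.KeyProtectorType) -join ',' } }

if (-not $report) {
    Write-Output 'No fixed data drives found on this device.'
    exit 0
}

$report | Format-Table -AutoSize

# A fixed data drive with protection off can still be written to in the clear
# unless write access to unprotected fixed drives is denied by policy.
$unprotected = $report | Where-Object { $_.ProtectionStatus -ne 'On' }
if ($unprotected) {
    Write-Warning ("Fixed data drives without BitLocker protection: " +
        (($unprotected.MountPoint) -join ', '))
    exit 1
}

Write-Output 'All fixed data drives are BitLocker-protected.'
exit 0
```

A non-zero exit code means at least one fixed data drive is not protected, which is the condition the last reply warns about.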