Disk Encryption

Hello,

Kindly, I need to know how we configure BitLocker silently from Intune, with the new updates to this policy, on devices without the user's intervention?

Regards,

4 Replies

Hi @ElieAT,

The solution for silently configuring BitLocker from Intune on new devices without user intervention is to use a BitLocker disk encryption policy. This policy allows you to specify all of the necessary settings for enabling BitLocker, including the encryption method, encryption options, and recovery options.

Steps to create and assign a BitLocker disk encryption policy:

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Navigate to Endpoint Security > Disk Encryption.
  3. Select Create Policy.
  4. On the Basics page, enter a name and description for the policy.
  5. Under Configuration platform, select Windows.
  6. Select Next.
  7. On the BitLocker settings page, configure the following settings:
    • Require BitLocker: Enabled
    • Encryption method: XTS-AES 128 encryption
    • Encryption options:
      • Hide prompt about third-party encryption
      • Allow standard users to enable encryption during Autopilot
      • Require Key File Creation
      • Recovery Password Creation
  8. Select Next.
  9. On the Assignments page, select the groups of devices that you want to apply the policy to.
  10. Select Next.
  11. On the Review page, review the summary of the policy.
  12. Select Create.

Once the policy is created and assigned, it will be applied to the target devices. BitLocker will be silently enabled on all new devices without user intervention.

Note: The following device prerequisites must be met in order to silently enable BitLocker:

  • The device must be running Windows 10 or later.
  • The device must be joined to Azure Active Directory.
  • The device must be enrolled in Microsoft Endpoint Manager.
  • The device must have the Intune Management Extension installed.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

Hello @LeonPavesic,

Thank you for your reply, but this is the old configuration. Now there is a section for BitLocker and other administrative templates, so the options changed; that's why I'm asking.

Regards,

You are correct: the BitLocker and Other administrative templates sections have been added to Intune device configuration profiles in recent updates. This allows you to configure BitLocker settings more granularly than before.

To silently enable BitLocker on new devices using administrative templates in Intune, create a device configuration profile with the following settings:

BitLocker

  • Require BitLocker: Enabled
  • Encryption method: XTS-AES 128 encryption
  • Encryption options:
    • Hide prompt about third-party encryption: Yes
    • Allow standard users to enable encryption during Autopilot: Yes
    • Require Key File Creation: Allowed or Blocked
    • Recovery Password Creation: Allowed or Required

Other administrative templates

  • Windows Components > BitLocker Drive Encryption > Operating System Drives > Choose how BitLocker-protected operating system drives can be recovered > Configure recovery options:
    • Recovery key: Save to your Azure AD account
    • Recovery password: Save to your Azure AD account

Once you have created the device configuration profile, you can assign it to the groups of devices that you want to apply it to.

Note that the device prerequisites for silently enabling BitLocker are still the same as before:

  • The device must be running Windows 10 or later.
  • The device must be joined to Azure Active Directory.
  • The device must be enrolled in Microsoft Endpoint Manager.
  • The device must have the Intune Management Extension installed.

Once the policy is applied to a device, BitLocker will be silently enabled on the next reboot.

Kindest regards,


Leon Pavesic
(LinkedIn)
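Both replies above list the same four device prerequisites for silent enablement. The following script is an added example, not code from the thread or from Microsoft, for checking them on a client and reporting the resulting BitLocker state of the OS drive so an admin can confirm the policy actually took effect. It assumes an elevated PowerShell session, that the Intune Management Extension runs as the service named `IntuneManagementExtension`, and that `dsregcmd /status` output can be parsed by its labels; it also adds a TPM check, which the thread does not mention but which silent enablement depends on.

```powershell
# Added example: verify prerequisites for silent BitLocker enablement via Intune,
# then report the OS drive's BitLocker state. Run elevated on the client device.
function Test-SilentBitLockerPrereqs {
    [CmdletBinding()]
    param(
        [string]$OsDrive = $env:SystemDrive
    )

    $results = [ordered]@{}

    # 1. Windows 10 or later (major version 10 covers Windows 10 and Windows 11)
    $os = [System.Environment]::OSVersion.Version
    $results['WindowsVersionOk'] = ($os.Major -ge 10)

    # 2. Azure AD joined and 3. enrolled in Intune/Endpoint Manager: both are
    #    visible in dsregcmd /status (an MdmUrl line means an MDM enrollment exists)
    $dsreg = dsregcmd /status 2>$null
    $results['AzureAdJoined'] = [bool]($dsreg -match '^\s*AzureAdJoined\s*:\s*YES')
    $results['MdmEnrolled']   = [bool]($dsreg -match '^\s*MdmUrl\s*:\s*\S+')

    # 4. Intune Management Extension installed and running (service name assumed)
    $ime = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
    $results['ImeServiceRunning'] = ($null -ne $ime -and $ime.Status -eq 'Running')

    # Extra check not listed in the thread: silent enablement needs a ready TPM
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $results['TpmReady'] = ($null -ne $tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # Current BitLocker state of the OS drive, to confirm the policy was applied
    $vol = Get-BitLockerVolume -MountPoint $OsDrive -ErrorAction SilentlyContinue
    $results['OsDriveProtection'] = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
    $results['OsDriveEncryption'] = if ($vol) { $vol.EncryptionMethod } else { 'Unknown' }
    # A recovery password protector is what gets escrowed to Azure AD
    $results['RecoveryPasswordSet'] = [bool](
        $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    [pscustomobject]$results
}

Test-SilentBitLockerPrereqs | Format-List
```

Any `False` in the first five fields explains why the policy has not silently encrypted the device; `OsDriveProtection` of `On` with `RecoveryPasswordSet` `True` is the expected end state once it has.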

Hello,

Those are not the options shown when configuring in Endpoint Security.

Regards,