Enable Bitlocker on devices without TPM - Standard Users


Hello, 

We are in the process of migrating our Drive Encryption solution to Bitlocker. We successfully migrated the majority of our clients with TPM to Bitlocker by using Intune Configuration Profiles. 

The issue we are facing now is that we need to enable Bitlocker on devices without TPM. Users are not local admins so they cannot complete the Bitlocker Wizard.

I have played around with different Intune Profiles, Encryption Policies and custom OMA-URI but the closest I get is through the first prompt regarding 3rd party encryption and then I get UAC prompt to elevate. 


Is there a configuration that allows me to enable Bitlocker on devices that do not have TPM, without requiring IT to have to manually touch each device?


Some screenshots of settings below... I have tried with the "Compatible TPM Startup" as Blocked / Not Configured / Allowed...

[Attached screenshot: Gian202b_0-1631906302779.png]

[Attached screenshot: Gian202b_1-1631906417758.png]


3 Replies

@Darkmenance Thanks for your reply, but no, these don't really apply to my situation as they are all GPO.

My specific situation requires Intune policy as well as the fact the users don't have admin rights.

Hi @Gian202b


I have implemented BDE (BitLocker Drive Encryption) on around 120 remote devices. I used Quick Assist (the Windows 10 built-in remote access tool) to implement BDE. Quick Assist doesn't support launching the application in elevated mode; however, I wrote a cmd script that I execute on the remote devices.
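For readers following this thread, here is an added PowerShell example of the non-TPM enablement the thread is about. It is not the reply author's cmd script and not Microsoft's code. It assumes it runs as SYSTEM (for example as an Intune PowerShell script, which is how a standard user avoids the UAC prompt described above), that the OS volume is C:, that the BitLocker and TrustedPlatformModule cmdlets are available, and that the caller supplies a startup password in the hypothetical `$StartupPassword` parameter. The registry values it writes are the ones the "Require additional authentication at startup" policy sets, which is what lets `Enable-BitLocker` accept a password protector on a machine with no TPM.

```powershell
#Requires -RunAsAdministrator
# Enable-BitLockerNoTpm.ps1 (added example; not the poster's script)
# Intended to run in SYSTEM context so the logged-on standard user is never asked to elevate.
param(
    [Parameter(Mandatory = $true)]
    [string]$StartupPassword,          # pre-boot password, delivered to the user out of band (assumed)
    [string]$MountPoint = 'C:'         # OS volume (assumed)
)

$ErrorActionPreference = 'Stop'

function Set-AllowBitLockerWithoutTpm {
    # Equivalent of the "Require additional authentication at startup" policy with
    # "Allow BitLocker without a compatible TPM" ticked. Without these values the
    # password protector is refused on a no-TPM OS volume.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name 'EnableBDEWithNoTPM' -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name 'UseTPM'             -Value 2 -Type DWord   # 2 = allowed
    Set-ItemProperty -Path $fve -Name 'UseTPMPIN'          -Value 2 -Type DWord
    Set-ItemProperty -Path $fve -Name 'UseTPMKey'          -Value 2 -Type DWord
    Set-ItemProperty -Path $fve -Name 'UseTPMKeyPIN'       -Value 2 -Type DWord
}

function Test-TpmPresent {
    # Get-Tpm throws on some machines without a TPM; treat that as "no TPM".
    try { return [bool](Get-Tpm).TpmPresent } catch { return $false }
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -eq 'On') {
    Write-Output "BitLocker already protecting $MountPoint; nothing to do."
    return
}
if (Test-TpmPresent) {
    Write-Output "TPM present on this device; use the normal TPM encryption profile instead."
    return
}

Set-AllowBitLockerWithoutTpm

# The startup password is the pre-boot protector on a no-TPM machine. Used-space-only
# encryption keeps the rollout short; the hardware test is skipped because there is
# no TPM to test and skipping it lets encryption start without an extra reboot.
$securePassword = ConvertTo-SecureString -String $StartupPassword -AsPlainText -Force
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -PasswordProtector -Password $securePassword -SkipHardwareTest

# A numeric recovery password lets IT unlock the drive if the startup password is lost.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'

# Escrow the recovery password to Azure AD so it appears on the device record in Intune.
# Nothing is written to disk here; if escrow fails, stop and store the key elsewhere first.
try {
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $recovery.KeyProtectorId
    Write-Output "Recovery password escrowed to Azure AD."
} catch {
    Write-Warning "Escrow to Azure AD failed: $($_.Exception.Message). Record the recovery key before the next reboot."
}

Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Deployed as an Intune PowerShell script it runs under the local system account, so no elevation is requested from the user; the only thing the user must receive out of band is the startup password, which they will be asked for at every boot because there is no TPM to release the key. Check the Intune device record afterwards to confirm the recovery key was escrowed before relying on the encrypted device.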