Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE

Bit Locker Group Policy

Brass Contributor

I have a question about the Bit Locker Group Policy. I have setup the GPO and tied it to an OU in our domain with all settings I want applied. From my understanding Bit Locker will not enable by itself just by configuring the GPO but instead just define the settings I want to apply in the policy. I would have to either enable it manually or by some type of script. But what I am noticing is that I have computers that are automatically enabling Bit Locker. Is this supposed to happen? Has anybody else had this happen. Its good in the fact that I dont have to touch all the computers but bad if it enables it and they  have USB drives attached at the time it is enabled which would cause BL recovery mode to come up. Any insight is welcome.

 

Thanks!

1 Reply

Hi @charlie4872,

 

by default, Windows does not encrypt disks automatically. The GPO only configures the settings which will be applied if BitLocker is enabled.

However, there are some scenarios where BitLocker is enabled automatically:
- If the device is joined to Azure AD

- If the device supports some special requirements as outlined here: https://www.dell.com/support/article/de-de/sln299056/automatic-windows-device-encryption-bitlocker-o... 

 

Maybe one of these scenarios applies to your situation?