Jan 20 2022 08:25 AM
Hi, we are leveraging a config profile to encrypt our computers after Autopilot Enrollment.
XTS-AES 256-bit used space only. The issue that we are seeing is that some of our PCs encrypt with 128 only. They all have proper BIOS settings and compatible TPM Modules. We wind up having to decrypt them and then let the Config Profile reapply the encryption and it always goes to 256 after that. It is like something is kicking off default Windows Encryption which is 128. Is there something we should be looking for? We have a case with Microsoft, but they did not find anything.
Also, after encryption we have to run a separate script to check for encryption and then prompt the user to set their TPM PIN. Are there any plans to support this in a Config profile in the future? We don't want to use Group Policy and MBAM... we moved away from that.
Jan 20 2022 10:13 AM
@Rheinrich21 they probably came already encrypted or auto-encrypted (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn...) by themselves. BitLocker will not change encryption just by config. You need a script that unencrypts and then encrypts with the correct config.
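The kind of check-and-re-encrypt script described in the reply above, as an added example that is not part of the original thread or any poster's code. It uses the built-in BitLocker PowerShell module; the parameter names `$Required` and `$Remediate`, the TPM-only protector, and the Azure AD key escrow step are assumptions about the environment.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report the cipher on the OS volume and,
# with -Remediate, decrypt and re-encrypt it as XTS-AES 256, used space only.
param(
    [string]$MountPoint = $env:SystemDrive,
    [string]$Required   = 'XtsAes256',   # target cipher named in the thread
    [switch]$Remediate
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
Write-Output "$MountPoint status=$($vol.VolumeStatus) method=$($vol.EncryptionMethod)"

# Compliant only when fully encrypted with the required method.
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and "$($vol.EncryptionMethod)" -eq $Required) {
    Write-Output 'Compliant'
    exit 0
}
if (-not $Remediate) {
    Write-Output 'Non-compliant'   # non-zero exit marks the device for follow-up
    exit 1
}

# Do not interfere with a conversion that is already running.
if ($vol.VolumeStatus -notin 'FullyEncrypted', 'FullyDecrypted') {
    Write-Output 'Conversion in progress, retry later'
    exit 1
}

if ($vol.VolumeStatus -eq 'FullyEncrypted') {
    # Disable-BitLocker removes the key protectors and starts decryption;
    # the method cannot be changed until the volume is fully decrypted.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    do {
        Start-Sleep -Seconds 30
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    } until ($vol.VolumeStatus -eq 'FullyDecrypted')
}

# Add a recovery password first so it exists before encryption starts.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod $Required `
    -UsedSpaceOnly -TpmProtector -SkipHardwareTest | Out-Null

# Assumption: the device is Azure AD joined, so the key is escrowed there.
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId
```

The volume is unprotected from the moment decryption starts until re-encryption completes, so run the remediation while the device is in a controlled location and on AC power.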