Microsoft Azure Active Directory (Azure AD) and Microsoft Intune bring cloud-based management to Windows 10 devices, including management of BitLocker. Some of these capabilities work on Windows 10 Pro, while others require Windows 10 Enterprise or Education editions.
The first step to managing BitLocker with Microsoft Intune is to open the Microsoft Endpoint Manager admin center. Select Endpoint security > Disk encryption, and then Create policy. For Platform choose Windows 10 and later, for Profile choose BitLocker (these are the values shown in the original screen capture, which is not reproduced here), and then select Create.
Next, enter the basics, such as the name of the policy and an optional description.
Then move on to Configuration settings. Notice you can search for a specific setting, like “fixed drive policy,” or you can scroll through the settings.
Also notice the options offered for key rotation.
As you enable settings, additional settings may appear. For example, enabling Fixed drive encryption exposes two further options: Recovery key file creation and Configure BitLocker recovery key package.
Finally, add Scope tags (optional), assign the new policy to specific groups of users or devices, and select Create.
The settings that can be configured here include:
- BitLocker – Base Settings
  - Enable full disk encryption for OS and fixed data drives
  - Require storage cards to be encrypted (mobile only)
  - Hide prompt about third-party encryption
  - Configure client-driven recovery password rotation
- BitLocker – Fixed Drive Settings
  - BitLocker fixed drive policy
- BitLocker – OS Drive Settings
  - BitLocker system drive policy
- BitLocker – Removable Drive Settings
  - BitLocker removable drive settings
For more details, see the RequireDeviceEncryption section of the BitLocker CSP.
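Once the policy has been assigned, the natural next question is whether a given device actually received it and is compliant with it. The PowerShell below is an added verification script, not code from the original post or from Microsoft; run it elevated on a Windows 10 device that is enrolled in Intune. It assumes two things the post does not state: that the BitLocker CSP values Intune delivers are mirrored under HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker (the path and value names, such as RequireDeviceEncryption, are from the BitLocker CSP documentation the post points to), and that the BackupToAAD-BitLockerKeyProtector cmdlet from the BitLocker module is available for escrowing a recovery password to Azure AD.

```powershell
#Requires -RunAsAdministrator
# Added verification script (not part of the original post). Assumes the
# registry mirror of MDM policy below and the BitLocker module cmdlets.
Import-Module BitLocker

# Assumption: MDM-delivered BitLocker CSP settings are mirrored here.
$MdmBitLockerKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'

function Get-MdmBitLockerPolicy {
    # Returns the CSP values Intune wrote for this device (e.g. RequireDeviceEncryption = 1),
    # or $null if the policy has not synced yet.
    if (-not (Test-Path -Path $MdmBitLockerKey)) {
        Write-Warning "No MDM BitLocker policy found at $MdmBitLockerKey; the device may not have synced yet."
        return $null
    }
    Get-ItemProperty -Path $MdmBitLockerKey | Select-Object -Property * -ExcludeProperty PS*
}

function Get-DriveKind {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Get-BitLockerVolume reports removable drives as VolumeType 'Data', so use
    # Get-Volume to tell fixed data drives apart from removable ones.
    $letter = $MountPoint.TrimEnd(':', '\')
    $vol = Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue
    if ($null -eq $vol) { return 'Unknown' }
    return [string]$vol.DriveType   # 'Fixed', 'Removable', ...
}

function Test-BitLockerCompliance {
    # One row per volume: status, protectors and a Compliant verdict for the
    # OS drive and fixed data drives (the two drive classes the policy encrypts).
    foreach ($v in Get-BitLockerVolume) {
        $protectors = @($v.KeyProtector | Select-Object -ExpandProperty KeyProtectorType)
        $kind = Get-DriveKind -MountPoint $v.MountPoint
        $isOs = ($v.VolumeType -eq 'OperatingSystem')
        $inScope = $isOs -or ($kind -eq 'Fixed')

        # OS drive: must be protected, fully encrypted, TPM-bound and have a recovery
        # password to escrow. Fixed data drive: protected, encrypted, recovery password.
        $ok = ($v.ProtectionStatus -eq 'On') -and
              ($v.VolumeStatus -eq 'FullyEncrypted') -and
              ($protectors -contains 'RecoveryPassword') -and
              ((-not $isOs) -or ($protectors | Where-Object { $_ -like 'Tpm*' }))

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeType       = $v.VolumeType
            DriveKind        = $kind
            VolumeStatus     = $v.VolumeStatus
            ProtectionStatus = $v.ProtectionStatus
            EncryptionMethod = $v.EncryptionMethod
            KeyProtectors    = ($protectors -join ',')
            InScope          = $inScope
            Compliant        = [bool]($inScope -and $ok)
        }
    }
}

function Backup-RecoveryPasswordToAzureAD {
    param([string]$MountPoint = $env:SystemDrive)
    # Escrows every RecoveryPassword protector on the volume to Azure AD so it
    # appears under the device's recovery keys. Returns the number escrowed.
    $v  = Get-BitLockerVolume -MountPoint $MountPoint
    $rp = @($v.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    foreach ($p in $rp) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    return $rp.Count
}

# --- usage ---
Get-MdmBitLockerPolicy | Format-List
$report = Test-BitLockerCompliance
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.InScope -and -not $_.Compliant })
if ($bad.Count -gt 0) {
    Write-Warning "Non-compliant in-scope volumes: $($bad.MountPoint -join ', ')"
} else {
    $n = Backup-RecoveryPasswordToAzureAD
    Write-Host "All in-scope volumes compliant; $n recovery password(s) escrowed to Azure AD."
}
```

The script deliberately checks for a RecoveryPassword protector rather than only ProtectionStatus: a volume can be fully encrypted and protected yet have no recovery password, which means there is nothing for Intune or Azure AD to escrow and a locked-out user has no recovery path. If the report shows RecoveryPassword missing, add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector before re-running the escrow step.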
The Author – Blogabout.Cloud