How to configure Bitlocker Configuration Microsoft Endpoint Manager Intune

Encrypt Windows devices with BitLocker in Intune
Enabling BitLocker with Intune
Configuring BitLocker in Microsoft Intune
Step-by-Step Guide to enable BitLocker
How do I enable BitLocker with Intune?
Where is the BitLocker key in Intune?
What is BitLocker key rotation Intune?
Automatically enable Bitlocker encryption with Microsoft Intune
Create an Intune BitLocker policy for Windows 10 devices
How to enable Silent Bitlocker with Intune
Bitlocker management via Intune
Intune - Bitlocker silent and automatic Encryption Settings
Managing Windows Bitlocker Compliance Policy Using Intune

PaddyMaddy

Thanks for that detailed explanation Paddy, Your work is really appreciated, Appreciate sharing the knowledge likewise....

flexmundl

Thank you Sir
You Made my day
Keep going...great work

klentitoska

After I setup Disc Encryption policy and its pushed out to all devices, will it automatically enable on all new devices added later?

foch

Thank you.
We have Bit locker policy in place. now i want to create a policy which allow user to connect USB without enforcing the USB encryption.
i've created new policy from disk encryption
enabling full disk encryption
leaving everything else not configured
created new group and added required device on it.
Will it work?

jaydattpurohit

Hi Paddy

First I would like to thank you for sharing such enriching videos, they help me a lot in my daily life and I am a big fan.

But well, I have a peculiar situation. I need to enable bitlocker for computers that do not have the TPM automatically and without user interaction, as I used your video as a guide and went to other sources so that I could carry out this work.

First I had to create a policy of Configuration Profiles > Templates > Administrative Templates > Computer Configuration > Windows Components > BitLocker Drive Encryption > Operating System Drives and enabled the option "Require additional authentication at startup" and checked the checkbox "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" to allow the computer to accept activating bitlocker on a computer without a TPM, then I created the script below:

$OSVolume = Get-BitlockerVolume | Where {$_.VolumeType -eq "OperatingSystem"}
if ($OSVolume.VolumeStatus -eq "FullyDecrypted") {
$PIN = ConvertTo-SecureString "123456789" -AsPlainText -Force
Add-BitlockerKeyProtector -MountPoint $OSVolume.MountPoint -RecoveryPasswordProtector
Enable-BitLocker -MountPoint $OSVolume.MountPoint -Pin $PIN -TPMandPinProtector
-MountPoint $OSVolume.MountPoint -KeyProtectorId ((Get-BitLockerVolume -MountPoint | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId
}

But it appears the error "Enable-BitLocker : An external key or password protector is required to enable BitLocker on an operating system volume without a valid TPM." when I try to run in Powershell ISE. I'm running it on an individual computer to apply it to one, as soon as I can solve it I'll send it via script through Intune.

Do you have another idea on how to solve this problem or have you already encountered a scenario like this?

ketzmann

Nice video, but not clear on how to enroll devices to intune, which i beleieve to be the first step.

habibabdulla

What about Bitlocker compliance policy (Require Bitlocker) ? Will Compliance policy enforce bitlocker or will it just say if it is configured or not ?

spodingo

Your logo in the corner flashing all the time is distracting.

patrickmurphy