
By Luke Ramsdale – Service Engineer | Microsoft Endpoint Manager – Intune

Administrators often work with a variety of devices: newer devices equipped with the trusted platform module (TPM) or older devices and virtual machines (VMs) without TPM. When you're deploying BitLocker settings through Microsoft Endpoint Manager - Microsoft Intune, different BitLocker encryption configuration scenarios require specific settings. In this final post in our series on troubleshooting BitLocker using Intune, we'll outline recommended settings for the following scenarios:

There is no user interaction when enabling BitLocker on a device in this scenario.

Enabling BitLocker and allowing user interaction on a device with or without TPM.

As we described in our first post, Enabling BitLocker with Microsoft Endpoint Manager - Microsoft Intune, a best practice for deploying BitLocker settings is to configure a disk encryption policy for endpoint security in Intune.

Consider the following best practices when configuring silent encryption on a Windows 10 device.

First, ensure that the Hide prompt about third-party encryption setting is set to Yes. This is important because there should be no user interaction to complete the encryption silently.

Hide prompt about third-party encryption settings

It's important not to target devices that are using third-party encryption. Enabling BitLocker on those devices can render them unusable and result in data loss.

If your users are not local administrators on the devices, you will need to configure the Allow standard users to enable encryption during autopilot setting so that encryption can be initiated for users without administrative rights.

The policy cannot have settings configured that will require user interaction.

BitLocker settings that prevent silent encryption.

In the following example, the Compatible TPM startup PIN, Compatible TPM startup key and Compatible TPM startup key and PIN options are set to Blocked. BitLocker cannot silently encrypt the device if these settings are configured to Required because these settings require user interaction. Be aware that configuring these options to Required will prevent silent encryption. The Required setting involves end user interaction, which is not compatible with silent encryption.

When assigning a silent encryption policy, the targeted devices must have a TPM.
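
A device-side check for the silent-encryption prerequisites this post describes (TPM present, no startup protector that needs user interaction), as an added example that is not part of the original post or Microsoft's tooling. The function name `Test-SilentEncryptionReadiness` is hypothetical, and mapping the `TpmPin`, `TpmStartupKey` and `TpmPinStartupKey` protector types to the policy's "Compatible TPM startup ..." options is an assumption of this example. Run it from an elevated PowerShell session.

```powershell
# Added example, not from the original post. Requires an elevated session:
# Get-Tpm and Get-BitLockerVolume both need administrative rights.
function Test-SilentEncryptionReadiness {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    $issues = [System.Collections.Generic.List[string]]::new()

    # Silent encryption requires a TPM on the targeted device.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $issues.Add('No TPM present; silent encryption is not possible.') }
    elseif (-not $tpm.TpmReady) { $issues.Add('TPM is present but not ready for use.') }

    # Current BitLocker state and key protectors of the volume.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Protector types that need a PIN or startup key at boot, i.e. user interaction.
    # Treating these as the result of the "Compatible TPM startup ..." options
    # being Required is this example's assumption.
    $interactive = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
    foreach ($t in $types) {
        if ($interactive -contains $t) {
            $issues.Add("Protector '$t' requires user interaction at startup.")
        }
    }

    # One object per volume so results can be collected across devices.
    [pscustomobject]@{
        MountPoint       = $volume.MountPoint
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        VolumeStatus     = $volume.VolumeStatus
        ProtectionStatus = $volume.ProtectionStatus
        KeyProtectors    = $types
        Issues           = $issues
    }
}

Test-SilentEncryptionReadiness | Format-List
```

The check cannot tell whether a device uses third-party encryption, so that exclusion still has to be handled when targeting the policy.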