Commit 7c6dd8b

Adding note regarding silent BitLocker enablement
Modified settings to block so that BitLocker silent enablement works without throwing an error for settings in MEM. Added note to specify that these settings will result in silent BitLocker enablement but users can consult BitLocker documentation if they have differing requirements.
1 parent 7f6efb8 commit 7c6dd8b

1 file changed

Lines changed: 4 additions & 3 deletions

memdocs/cloud-native-windows-endpoints.md

@@ -404,6 +404,7 @@ Use Endpoint Security in Microsoft Endpoint Manager to configure encryption with
404404
- Check out our blog series on BitLocker at [Enabling BitLocker with Microsoft Endpoint Manager](https://techcommunity.microsoft.com/t5/intune-customer-success/enabling-bitlocker-with-microsoft-endpoint-manager-microsoft/ba-p/2149784).
405405

406406
These settings can be enabled in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) by going to **Endpoint Security** > **Disk encryption** > **Create Policy** > **Windows and later** > **Profile** = **BitLocker**.
407+
Configuring the BitLocker settings specified below will result in silenty enabling 128 bit encryption for standard users, which is one of the most common scenarios. However your organisation might have different security requirements, so consult the [BitLocker documentation](./intune/protect/encrypt-devices.md) for additional settings.
407408

408409
**BitLocker – Base Settings**:
409410

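Review bot: The added line 407 has a typo, "silenty" should be "silently", and "128 bit" reads better as "128-bit", with a comma after "However". The sentence also says the settings below result in silent enablement without saying which of them silent enablement depends on; since the commit message says the TPM startup values had to change to avoid an error, consider naming those settings here so an admin who deviates from the list knows which changes break silent enablement. The relative link ./intune/protect/encrypt-devices.md should also be checked against the location of memdocs/cloud-native-windows-endpoints.md.
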
@@ -432,9 +433,9 @@ These settings can be enabled in the [Microsoft Endpoint Manager admin center](h
432433
- BitLocker system drive policy: **Configure**
433434
- Startup authentication required: **Yes**
434435
- Compatible TPM startup: **Required**
435-
- Compatible TPM startup PIN: **Blocked**
436-
- Compatible TPM startup key: **Blocked**
437-
- Compatible TPM startup key and PIN: **Blocked**
436+
- Compatible TPM startup PIN: **Block**
437+
- Compatible TPM startup key: **Block**
438+
- Compatible TPM startup key and PIN: **Block**
438439
- Disable BitLocker on devices where TPM is incompatible: **Not configured**
439440
- Enable preboot recovery message and url: **Not configured**
440441
- System drive recovery: **Configure**
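
Review bot: The three changed lines (436 to 438) give no reason for the value, yet the commit message says Block is needed for silent enablement to work without an error; a short remark beside these entries would keep a later editor from reverting them or requiring a PIN. Since these values leave the system drive on TPM-only startup with no PIN or startup key, it is worth saying so at this point for organisations that need pre-boot authentication. Line 435 still reads "Required" while the changed lines moved from "Blocked" to "Block"; please confirm the remaining values in this list match the labels shown in the admin center.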
