Skip to content

Commit b5d0e8d

Browse files
author
Angela Fleischmann
authored
Merge pull request #6861 from aczechowski/cz-2203tp-10454717-blmts
add 2203tp content for 10454717 (BitLocker task sequence)
2 parents 50eb926 + 5077fd5 commit b5d0e8d

1 file changed

Lines changed: 33 additions & 4 deletions

File tree

  • memdocs/configmgr/core/get-started/2022/includes/2203

memdocs/configmgr/core/get-started/2022/includes/2203/10454717.md

Lines changed: 33 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,42 @@
11
---
2-
author: mestew
3-
ms.author: mstewart
2+
author: aczechowski
3+
ms.author: aaroncz
44
ms.prod: configuration-manager
55
ms.technology: configmgr-core
66
ms.topic: include
77
ms.date: 03/01/2022
88
ms.localizationpriority: medium
99
---
1010

11-
## <a name="bkmk_anchor"></a> Feature Name
12-
<!--CMADO#-->
11+
## <a name="bkmk_blmts"></a> Escrow BitLocker recovery password to the site during a task sequence
1312

13+
<!--10454717-->
14+
15+
You can now configure the **Enable BitLocker** step of a task sequence to escrow the BitLocker recovery information for the OS volume to Configuration Manager. Previously, you had to escrow to Active Directory, or wait for the Configuration Manager client to receive BitLocker management policy after the task sequence. This new option makes sure that the device is fully protected by BitLocker when the task sequence completes, and that you can recover the OS volume immediately.
16+
17+
For more general information, see [Plan for BitLocker management](../../../../../protect/plan-design/bitlocker-management.md).
18+
19+
### Prerequisites for escrowing BitLocker recovery password during a task sequence
20+
21+
The client will only escrow its key to the Configuration Manager site if you configure one of the following options:
22+
23+
- Create and use a certificate to encrypt the site database for BitLocker management.
24+
25+
- Enable the BitLocker client management policy option to **Allow recovery information to be stored in plain text**.
26+
27+
For more information, see [Encrypt recovery data in the database](../../../../../protect/deploy-use/bitlocker/encrypt-recovery-data.md).
28+
29+
### Try it out!
30+
31+
Try to complete the tasks. Then send [Feedback](../../../../understand/product-feedback.md) with your thoughts on the feature.
32+
33+
1. If needed, first [create a task sequence to deploy an OS](../../../../../osd/deploy-use/manage-task-sequences-to-automate-tasks.md).
34+
35+
1. [Use the task sequence editor](../../../../../osd/understand/task-sequence-editor.md) to edit the task sequence.
36+
37+
1. If the task sequence doesn't already include the **Enable BitLocker** step, add it. For more information, see [About task sequence steps: Enable BitLocker](../../../../../osd/understand/task-sequence-steps.md#BKMK_EnableBitLocker).
38+
39+
1. On the properties of the **Enable BitLocker** step, select the option to **Automatically store the recovery key**, and then select **The Configuration Manager database**.
40+
41+
> [!NOTE]
42+
> If Configuration Manager can't escrow the key, by default this task sequence step fails.

0 commit comments

Comments
 (0)