Merge pull request #6721 from MicrosoftDocs/main

v-dihans · web-flow · commit f2a2bf1c73c1 · 2022-02-07T11:38:37.000-07:00
Publish 02/07/2022, 10:30 AM
diff --git a/memdocs/cloud-native-windows-endpoints.md b/memdocs/cloud-native-windows-endpoints.md
@@ -404,6 +404,7 @@ Use Endpoint Security in Microsoft Endpoint Manager to configure encryption with
 - Check out our blog series on BitLocker at [Enabling BitLocker with Microsoft Endpoint Manager](https://techcommunity.microsoft.com/t5/intune-customer-success/enabling-bitlocker-with-microsoft-endpoint-manager-microsoft/ba-p/2149784).
 
 These settings can be enabled in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com)  by going to **Endpoint Security** > **Disk encryption** > **Create Policy** > **Windows and later** > **Profile** = **BitLocker**.
+Configuring the BitLocker settings specified below will result in silenty enabling 128 bit encryption for standard users, which is one of the most common scenarios. However your organisation might have different security requirements, so consult the [BitLocker documentation](./intune/protect/encrypt-devices.md) for additional settings.
 
 **BitLocker – Base Settings**:
 
@@ -432,9 +433,9 @@ These settings can be enabled in the [Microsoft Endpoint Manager admin center](h
 - BitLocker system drive policy: **Configure**
   - Startup authentication required: **Yes**
   - Compatible TPM startup: **Required**
-  - Compatible TPM startup PIN: **Not configured**
-  - Compatible TPM startup key: **Not configured**
-  - Compatible TPM startup key and PIN: **Not configured**
+  - Compatible TPM startup PIN: **Block**
+  - Compatible TPM startup key: **Block**
+  - Compatible TPM startup key and PIN: **Block**
   - Disable BitLocker on devices where TPM is incompatible: **Not configured**
   - Enable preboot recovery message and url: **Not configured**
 - System drive recovery: **Configure**
diff --git a/memdocs/intune/protect/encrypt-devices.md b/memdocs/intune/protect/encrypt-devices.md
@@ -73,9 +73,6 @@ Use one of the following procedures to create the policy type you prefer.
 
 4. On the **Configuration settings** page, configure settings for BitLocker to meet your business needs.  
 
-   > [!TIP]
-   > If you want to enable BitLocker silently, you must use a Endpoint protection template as part of a device configuration profile and not an Endpoint security policy. See [Silently enable BitLocker on devices](#silently-enable-bitlocker-on-devices) in this article for additional prerequisites and the specific setting configurations you must use.
-
    Select **Next**.
 
 5. On the **Scope (Tags)** page, choose **Select scope tags** to open the Select tags pane to assign scope tags to the profile.
@@ -252,4 +249,4 @@ For information about BitLocker deployments and requirements, see the [BitLocker
 - [Manage FileVault policy](../protect/encrypt-devices-filevault.md)  
 - [Monitor disk encryption](../protect/encryption-monitor.md)
 - [Troubleshooting BitLocker policy](/troubleshoot/mem/intune/troubleshoot-bitlocker-policies)
-- [Known issues for Enforcing BitLocker policies with Intune](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
+- [Known issues for Enforcing BitLocker policies with Intune](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
