This is the sixth in the six-part series about using BitLocker with Intune. BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. BitLocker may be configured in Intune for Windows 10 and 11 devices using one of three methods:

- An endpoint protection profile
- A settings catalog profile
- An endpoint security disk encryption profile

All three options are supported and provide the desired configuration options for BitLocker. The endpoint protection and endpoint security disk encryption profiles use BitLocker configuration service provider (CSP) to configure encryption of PCs and devices. The settings catalog profile, however, uses a combination of BitLocker CSP and ADMX backed settings. The ADMX settings provide the BitLocker group policy settings, which can be used to manage BitLocker tasks and configurations users can perform. When selecting a configuration method to best meet your organization’s needs, we recommend using an Endpoint protection profile. If you need additional configuration options and flexibility, the settings catalog profile is a good alternative. In this article, we demonstrate how to configure BitLocker on Windows 10 and 11 devices via the Intune settings catalog.

To configure BitLocker with the settings catalog, in the Microsoft Intune admin center, navigate to Devices > Windows devices > Configuration profiles. Select + Create profile and choose Windows 10 and later for the Platform and Settings catalog for the Profile type, then select Create. Name the profile in the Basics tab of the Create profile pane and then, on the Configuration settings tab, select +Add settings. Type “BitLocker” in the search box to find all related settings.

Category options will appear with either the prefixes Administrative Templates or BitLocker. Administrative Templates settings are backed by ADMX, and those configured with BitLocker CSP are represented as the single category, BitLocker. Select a category and then the subcategories you’d like to include. Note that you can select subcategories independently or all at once by using the Select all these settings option. For the purposes of this demonstration, we’ll add them all in. Once you’re done making your category selections, use the X button to close the Settings picker pane and return to the Configurations tab.

A screenshot of the Settings picker showing the BitLocker category and the selected settings.

Expand the Administrative Templates category to see the setting options starting with the BitLocker Drive Encryption.

A screenshot of the BitLocker Drive Encryption settings pane and the available configuration options.

Here we can set the encryption method and cipher strength. In this instance, we’ve selected XTS-AES 256-bit for fixed data drives and operating system drives, and AES-CBC 128-bit (default) for removable data drives.

For illustrative purposes, we’ve enabled the unique identifiers but didn’t populate them. The unique identifiers are not available for configuration using BitLocker CSP, outside of the administrative templates. Once you’ve completed the BitLocker Drive Encryption configuration settings, you’ll move on to the Operating System Drives configuration options.
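To confirm on a device that the cipher choices from this walkthrough actually took effect, the following added example (not part of the original article or any Microsoft tooling) compares each volume reported by `Get-BitLockerVolume` with the selected methods. It assumes an elevated PowerShell session, and the drive classification by `Get-Volume` drive type is this example's own approach.

```powershell
# Added example: compare each BitLocker volume's cipher with the profile in this walkthrough.
# Run from an elevated PowerShell session on the managed device.

# Expected Get-BitLockerVolume EncryptionMethod per drive class, taken from the article.
$expected = @{
    OperatingSystem = 'XtsAes256'   # XTS-AES 256-bit
    Fixed           = 'XtsAes256'   # XTS-AES 256-bit
    Removable       = 'Aes128'      # AES-CBC 128-bit (default)
}

$report = foreach ($vol in Get-BitLockerVolume) {
    # Classify: OS volume first, then fixed vs. removable by the volume's drive type.
    # Volumes without a drive letter are treated as fixed (assumption of this example).
    $class = 'Fixed'
    if ($vol.VolumeType -eq 'OperatingSystem') {
        $class = 'OperatingSystem'
    } elseif ($vol.MountPoint -match '^[A-Za-z]:$') {
        $letter = $vol.MountPoint.Substring(0, 1)
        $driveType = (Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue).DriveType
        if ($driveType -eq 'Removable') { $class = 'Removable' }
    }

    # An unencrypted volume reports method None, so report it separately from a mismatch.
    $method = [string]$vol.EncryptionMethod
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        $result = 'NotEncrypted'
    } elseif ($method -eq $expected[$class]) {
        $result = 'Match'
    } else {
        $result = 'Mismatch'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Class      = $class
        Status     = [string]$vol.VolumeStatus
        Protection = [string]$vol.ProtectionStatus
        Method     = $method
        Expected   = $expected[$class]
        Result     = $result
    }
}

$report | Format-Table -AutoSize

# Summarize anything that needs follow-up.
$open = @($report | Where-Object Result -ne 'Match')
if ($open.Count -gt 0) { Write-Warning "$($open.Count) volume(s) do not match the profile." }
```

The encryption method policy is applied when a drive is encrypted, so a volume that was encrypted before the profile reached the device keeps its original method and will show as a mismatch until it is decrypted and re-encrypted.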