How to Deploy BitLocker using Intune Settings Catalog

In this article, I will demonstrate how you can deploy Bitlocker using Intune Settings Catalog. You can configure Bitlocker with Intune using the settings catalog, which offers more flexible configuration choices.

BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later.


BitLocker may be configured in Intune for Windows 10 and 11 devices using one of three methods:


  • An endpoint protection profile
  • An endpoint security disk encryption profile
  • A settings catalog profile


The endpoint protection and endpoint security disk encryption profiles use BitLocker configuration service provider (CSP) to configure encryption of PCs and devices, whereas the settings catalog profile uses a combination of BitLocker CSP and ADMX backed settings.

Microsoft advises deploying BitLocker using an Endpoint protection profile when choosing the configuration approach that best suits the requirements of your organisation. The settings catalog profile is a viable alternative if you require more configuration flexibility and options.

Refer to the guide on how to enable and configure BitLocker using an endpoint security disk encryption profile. In this article, I will demonstrate how to configure and deploy BitLocker on Windows 10 and 11 devices via the Intune settings catalog.


Prerequisites for Deploying Bitlocker via Intune Settings Catalog


BitLocker management through Intune is available on devices that run Windows 10 and Windows 11. Enabling BitLocker using Intune requires the following prerequisites to be in place:


  1. You’ll need a valid Microsoft Intune license.
  2. The devices must be Azure AD or Hybrid Azure AD joined.
  3. Devices must not be encrypted using disk encryption software from a third party, such as McAfee Disk Encryption. When deploying BitLocker using Intune, you must completely decrypt any devices that have already been encrypted using other technologies.
  4. The end devices must have a TPM chip at version 1.2 or higher (TPM 2.0 strongly recommended).
  5. BIOS must be set to UEFI.
  6. To manage BitLocker in Intune, your account must have the applicable Intune role-based access control (RBAC) permissions.
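
A pre-flight check for prerequisites 2, 4 and 5 that can be run on a device before the profile is assigned, as an added example that is not part of the original article. It assumes an elevated PowerShell session on the target device; the function name `Test-BitLockerPrerequisite` is hypothetical, and third-party disk encryption (prerequisite 3) is not detected by it.

```powershell
# Added example (not from the original article): pre-flight check for
# prerequisites 2, 4 and 5. Run in an elevated PowerShell session.
# Test-BitLockerPrerequisite is a hypothetical helper name.
function Test-BitLockerPrerequisite {
    # Prerequisite 4: TPM present, ready, and at spec version 1.2 or higher.
    $tpm = Get-Tpm
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
        Select-Object -First 1
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $tpmVersion = if ($tpmWmi) {
        [version](($tpmWmi.SpecVersion -split ',')[0].Trim())
    } else { $null }

    # Prerequisite 5: firmware must be UEFI, not legacy BIOS.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Prerequisite 2: Azure AD joined; a hybrid join also reports DomainJoined : YES.
    $dsreg = dsregcmd.exe /status
    $aadJoined    = [bool]($dsreg -match 'AzureAdJoined\s*:\s*YES')
    $domainJoined = [bool]($dsreg -match 'DomainJoined\s*:\s*YES')

    # Current BitLocker state of the OS volume. This reports BitLocker only;
    # third-party disk encryption (prerequisite 3) is not detected here.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive

    $tpmOk = $tpm.TpmPresent -and $tpm.TpmReady -and
             ($null -ne $tpmVersion) -and ($tpmVersion -ge [version]'1.2')
    $uefiOk = "$firmware" -eq 'Uefi'

    [pscustomobject]@{
        TpmPresent      = $tpm.TpmPresent
        TpmReady        = $tpm.TpmReady
        TpmSpecVersion  = $tpmVersion
        FirmwareType    = $firmware
        AzureAdJoined   = $aadJoined
        HybridJoined    = $aadJoined -and $domainJoined
        OsVolumeStatus  = $os.VolumeStatus
        OsProtection    = $os.ProtectionStatus
        PrerequisitesOk = $tpmOk -and $uefiOk -and $aadJoined
    }
}

Test-BitLockerPrerequisite | Format-List
```

If `OsVolumeStatus` is already `FullyEncrypted`, confirm which product encrypted the drive before assigning the profile.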


Additional Bitlocker Settings available in Intune Settings Catalog


The following additional BitLocker settings are available in the Intune Settings Catalog and are not available in the other two policy types (endpoint security and device configuration profiles).


  • Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN
  • Allow enhanced PINs for startup
  • Enable use of BitLocker authentication requiring preboot keyboard input on slates
  • Enforce drive encryption type on operating system drives
  • Select the encryption type: (Device)


Deploy Bitlocker using Intune Settings Catalog


Use the following steps to configure and deploy Bitlocker with the Settings Catalog:


  • Sign in to the Microsoft Intune admin center.
  • Navigate to Devices > Windows devices > Configuration profiles.
  • Select + Create profile and choose Windows 10 and later for the Platform and Settings catalog for the Profile type, then select Create.


Name the profile in the Basics tab of the Create profile pane. Add a brief description about the profile. Click Next.

On the Configuration settings tab, select +Add settings.

Type “BitLocker” in the search box to find all related settings for configuring BitLocker. The Intune settings catalog gives you the flexibility to select which BitLocker settings are added to the policy.

There are five categories or groups of settings that you can configure for BitLocker in Intune:


  1. Bitlocker Drive Encryption
  2. Fixed Data Drives
  3. Operating System Drives
  4. Removable Data Drives
  5. Bitlocker settings

Bitlocker Settings

The BitLocker category covers the silent encryption and recovery password rotation settings. Silent encryption enables BitLocker on a device without any user interaction. An important limitation of this configuration is that, because the user does not interact, they are not prompted for a startup PIN.

Once you’re done making your category selections, use the X button to close the Settings picker pane and return to the Configurations tab.


The following can be configured for Bitlocker settings:


  • Allow warning for other disk encryption
  • Configure recovery password rotation
  • Removable drives excluded from Encryption
  • Require Device Encryption
