How to Deploy Bitlocker using Intune Settings Catalog πŸ“‘

In this article, I will demonstrate how you can deploy Bitlocker using Intune Settings Catalog. You can configure Bitlocker with Intune using the settings catalog, which offers more flexible configuration choices.

BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions.


BitLocker may be configured in Intune for Windows 10 and 11 devices using one of three methods:


  • An endpoint protection profile
  • An endpoint security disk encryption profile
  • A settings catalog profile

https://worldbattlingent.com/showthread.php?tid=5764

https://www.tedpublications.com/forum/showthread.php?tid=139829

https://ordemdospsicologos.org/forum/showthread.php?tid=1363

http://www.hondaikmciledug.co.id/HRIS/showthread.php?tid=1368

https://www.truecrimecollectors.com/showthread.php?tid=5014

http://mystrotain.free.fr/forum/showthread.php?tid=23337

https://oodagurus.com/forums/showthread.php?tid=91327

http://yonghengro.gain.tw/viewthread.php?tid=167724&extra=

http://yonghengro.gain.tw/viewthread.php?tid=127314&extra=

http://yonghengro.gain.tw/viewthread.php?tid=79744&extra=

http://yonghengro.gain.tw/viewthread.php?tid=269719&extra=

http://forum.sit.earth/viewtopic.php?id=141362

http://forum.sit.earth/viewtopic.php?id=173370

http://forum.sit.earth/viewtopic.php?id=276456

http://www.ronghosp.org/smf_1_1_21/index.php?topic=17606.0

http://www.ronghosp.org/smf_1_1_21/index.php?topic=17602.0

http://www.ronghosp.org/smf_1_1_21/index.php?topic=17604.0

http://www.ronghosp.org/smf_1_1_21/index.php?topic=17840.0


The endpoint protection and endpoint security disk encryption profiles use BitLocker configuration service provider (CSP) to configure encryption of PCs and devices, whereas the settings catalog profile uses a combination of BitLocker CSP and ADMX backed settings.

Microsoft advises deploying Bitlocker using an Endpoint protection profile when choosing a configuration approach that best suits the requirements of your organisation. The settings catalog profile is a viable substitute if you require more setup flexibility and alternatives.

Refer to the guide on how to enable and configure Bitlocker using endpoint security disk encryption profile. In this article, I will demonstrate how to configure and deploy BitLocker on Windows 10 and 11 devices via the Intune settings catalog.


Prerequisites for Deploying Bitlocker via Intune Settings Catalog


The BitLocker for Intune is available on devices that run Windows 10 and Windows 11. Enabling Bitlocker using Intune requires the following prerequisites in place:


  1. You’ll need a valid Microsoft Intune license.
  2. The devices must be Azure AD or Hybrid Azure AD joined.
  3. Devices must not be encrypted using disk encryption software from a third party, such as McAfee Disk Encryption. When deploying BitLocker using Intune, you must completely decrypt any devices that have already been encrypted using other technologies.
  4. The end devices must have a TPM chip at version 1.2 or higher (TPM 2.0 strongly recommended).
  5. BIOS must be set to UEFI.
  6. To manage BitLocker in Intune, your account must have the applicable Intune role-based access control (RBAC) permissions.

https://git.forum.ircam.fr/-/snippets/3783

https://ideas.exlibrisgroup.com/forums/574345-content/suggestions/42757319-ners-2021-pressbooks-directory

http://majigi.thedaycorp.kr/bbs/board.php?bo_table=blue_after&wr_id=12448&sst=wr_datetime&sod=desc&sop=and&page=8&me_code=&me_code=&me_code=

http://eldoradofus.free.fr/forum/viewtopic.php?pid=22465

http://eldoradofus.free.fr/forum/viewtopic.php?pid=22580

http://eldoradofus.free.fr/forum/viewtopic.php?pid=10936

http://junlinro520.gain.tw/viewthread.php?tid=317813&extra=

http://junlinro520.gain.tw/viewthread.php?tid=139343&extra=

http://junlinro520.gain.tw/viewthread.php?tid=329805&extra=

http://junlinro520.gain.tw/viewthread.php?tid=315720&extra=

http://www.yorkie.1bbs.info/viewtopic.php?t=1284

http://www.yorkie.1bbs.info/viewtopic.php?t=2013

http://www.yorkie.1bbs.info/viewtopic.php?t=51

http://counterstrike.4pforen.4players.de/viewtopic.php?p=3371603

http://counterstrike.4pforen.4players.de/viewtopic.php?t=304385

http://counterstrike.4pforen.4players.de/viewtopic.php?t=304384


Additional Bitlocker Settings available in Intune Settings Catalog


The following additional Bitlocker settings are available in Intune Settings Catalog and are not available in the other two policies-endpoint security and device configuration profiles.


  • Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN
  • Allow enhanced PINs for startup
  • Enable use of BitLocker authentication requiring preboot keyboard input on slates
  • Enforce drive encryption type on operating system drives
  • Select the encryption type: (Device)


Deploy Bitlocker using Intune Settings Catalog


Use the following steps to configure and deploy Bitlocker with the Settings Catalog:


  • Sign-in to the Microsoft Intune admin center.
  • Navigate to Devices > Windows devices > Configuration profiles.
  • Select + Create profile and choose Windows 10 and later for the Platform and Settings catalog for the Profile type, then select Create.


Name the profile in the Basics tab of the Create profile pane. Add a brief description about the profile. Click Next.

On the Configuration settings tab, select +Add settings.

Type “BitLocker” in the search box to find all related settings for configuring Bitlocker. The Intune settings catalog allows you the flexibility to select which BitLocker settings are added to the policy.

There are five categories or group of settings that you can configure for Bitlocker in Intune:


  1. Bitlocker Drive Encryption
  2. Fixed Data Drives
  3. Operating System Drives
  4. Removable Data Drives
  5. Bitlocker settings
  6. Bitlocker Settings










Bitlocker Settings

The BitLocker category enables silent encryption and recovery password rotation settings. Silent encryption will enable BitLocker on a device without the user having to interact. The important limitation for this configuration is, since the user doesn’t have to interact, they won’t be prompted for a startup PIN.

Once you’re done making your category selections, use the X button to close the Settings picker pane and return to the Configurations tab.


The following can be configured for Bitlocker settings:


  • Allow warning for other disk encryption
  • Configure recovery password rotation
  • Removable drives excluded from Encryption
  • Require Device Encryption

Comments

Post a Comment

Popular posts from this blog

Fix Intune Profile Installation Failed during macOS Enrollment

While enrolling the macOS in Intune, you may encounter a warning, “Profile Installation Failed“. Could not obtain the final profile using the Encrypted Profile Service. In this article, I will show you how to resolve this error and provide you with some troubleshooting steps. When you register macOS devices into Intune, you might end up with several enrollment errors. Thankfully, the Intune portal now shows the device enrollment failures right on the dashboard. This makes it easy to troubleshoot the device enrollment errors. I recently published a guide on enrolling macOS into Intune, where I covered the steps to enroll macOS devices into Intune using the company portal app. Microsoft Intune supports enrollment on personal and company-owned devices. Only when you enroll your macOS devices in Intune, you can manage them. https://www.openhelbreath.com/showthread.php?tid=1645 https://www.mcmon.ru/showthread.php?tid=12513 https://www.csoyuncu.net/showthread.php?tid=2319 https://test.tcz.x1
Read more

2 Best Solutions: Error Can’t Connect to Windows 365

In this article, I will show you how to resolve the error can’t connect to Windows 365. If you are unable to access your Cloud PC using the Windows 365 app, there are two ways to solve this issue. I normally connect to my Cloud PC using the Windows 365 app. Note that there are multiple ways to connect and access your Cloud PCs. For instance, you can connect to a cloud PC using the Windows 365 home page, the Windows 365 App, or the Microsoft Remote Desktop client. Cloud PCs are accessible to users only after you assign Windows 365 licenses to users. Note that you should also provision Windows 365 Cloud PCs that allow users to access them from any device. In my case, the provisioning policy in place for Cloud PCs and a valid license was assigned to the user. In some cases, when you attempt to connect to Cloud PC, there may be gateway errors or connection errors. Refer to the following guide on troubleshooting Cloud PC connection errors, where I have covered solutions for Cloud PC access
Read more

2 Easy Ways to Remove Insider Preview Evaluation Copy Watermark

I’ll show you how to remove insider preview evaluation copy watermark from your Windows desktop in this article. If you don’t want the evaluation copy watermark to appear on your desktop, you can remove it using multiple methods. If you have enrolled for the Windows Insider Preview program and have installed the insider preview build, you’ll notice a watermark in the lower-right corner of the desktop. The watermark reveals the build number of the Windows insider preview. The screenshot below shows the example of insider preview evaluation copy watermark from Windows desktop. This watermark appears on all the recent installations of Windows insider preview, and there are multiple methods such as registry, ease of access settings in control panel using which you can remove this watermark on the desktop. There are three proven ways to remove the Evaluation Copy watermark from the desktop of insider preview builds: https://test.tcz.x10.mx/mybb/showthread.php?tid=24716 https://expectingtheu
Read more