Troubleshoot BitLocker policies in Microsoft Intune

This article can help Intune administrators understand how Windows 10 devices configure BitLocker based on Intune policy. This article also provides guidance on how to troubleshoot problems with BitLocker settings on devices you manage with Intune.

Understanding BitLocker

BitLocker drive encryption is a service offered by Microsoft Windows operating systems that allows users to encrypt data on their hard drives. BitLocker supports encryption for operating system drives, removable media drives, and fixed data drives. BitLocker also supports use of 256-bit encryption for better protection of sensitive data.

With Microsoft Intune, you have the following methods to manage BitLocker on Windows 10 devices:

Device Configuration policies - Certain built-in policy options are available in Intune when you create a device configuration profile to manage endpoint protection. To find these options, create a device profile for endpoint protection, selecting Windows 10 and later for the Platform, and then selecting the Windows Encryption category for Settings. You can read about the available options and features here: Windows Encryption.

Security baselines - Security baselines are known groups of settings and default values that are recommended by the relevant security team to help secure Windows devices. Different baseline sources, like the MDM Security Baseline or Microsoft Defender ATP Baseline, can manage the same settings as well as different settings from each other. They can also manage the same settings you manage with device configuration policies.

In addition to Intune, for hardware that is compliant with Modern Standby and HSTI, when using either of these features, BitLocker Device Encryption is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required.

It's also possible that BitLocker settings are managed by other means like Group Policy, or manually set by a device user. No matter how settings are applied to a device, BitLocker policies make use of the BitLocker CSP to configure encryption on the device. The BitLocker CSP is built into Windows, and when Intune deploys a BitLocker policy to an assigned device, it's the BitLocker CSP on the device that writes the appropriate values to the Windows registry so that settings from the policy can take effect.

If you'd like to learn more about BitLocker, see the following resources:

BitLocker Overview and Requirements FAQ

Now that you have a general understanding of what these policies do and how they work, look at how you can verify if the BitLocker settings successfully apply to a Windows client.

When you investigate a BitLocker issue on a Windows 10 device, it's important to first determine whether the issue is Intune-related or Windows-related. After the likely source of failure is known, you can then focus your troubleshooting efforts in the right place, and if necessary get support from the correct team.

As a first step, determine whether the Intune policy successfully deployed to the target device. In the following example, you have a device configuration policy that deploys the Windows Encryption (BitLocker) settings, as shown:
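
To make the Intune-versus-Windows triage described above concrete, the following read-only PowerShell script is an added example, not part of the original article or of Microsoft's tooling. It assumes an elevated session on the affected device; the two registry paths and the `Get-BitLockerVolume` cmdlet are not named in the article and are taken from general Windows knowledge.

```powershell
#Requires -RunAsAdministrator
# Added example: decide whether a BitLocker problem looks like a policy-delivery
# issue (Intune side) or an enforcement issue (Windows side). Read-only.

function Get-PolicyValues {
    param([string]$Path)
    # Return the values under a registry key, or nothing if the key is absent or empty.
    if (-not (Test-Path -Path $Path)) { return @() }
    $item = Get-ItemProperty -Path $Path
    if ($null -eq $item) { return @() }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop PSPath, PSProvider, etc.
        ForEach-Object { [pscustomobject]@{ Key = $Path; Name = $_.Name; Value = $_.Value } }
}

# Assumed locations (not stated in the article): where the MDM policy engine
# records BitLocker settings, and where BitLocker reads its policy values.
# The second key is also written by Group Policy, so values there do not
# prove that Intune was the source.
$mdmPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

$mdm = @(Get-PolicyValues -Path $mdmPath)
$fve = @(Get-PolicyValues -Path $fvePath)
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

$policyPresent = ($mdm.Count + $fve.Count) -gt 0
$enforced      = ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')

$verdict = if (-not $policyPresent) {
    'No BitLocker policy values on the device: check assignment and sync in Intune.'
} elseif (-not $enforced) {
    'Policy values are present but the OS volume is not fully encrypted with protection on: troubleshoot on the Windows side.'
} else {
    'Policy values are present and the OS volume is encrypted with protection on.'
}

[pscustomobject]@{
    MdmPolicyValues  = $mdm.Count
    FvePolicyValues  = $fve.Count
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptionMethod = $vol.EncryptionMethod
    KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
    Verdict          = $verdict
} | Format-List

# List the raw values so they can be compared with the profile configured in Intune.
$mdm + $fve | Format-Table -AutoSize -Wrap
```

A volume that is still encrypting reports a status other than `FullyEncrypted`, so rerun the check after encryption has had time to finish before treating the second verdict as a failure.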