Setting up BitLocker with enhanced PIN on Surface Book 4

  • Question

  • I have a new Surface Book 4 and I want to secure it in accordance with UK Government End User Security guidance. It is a standalone network machine and will not be connected to a domain.

    I enabled the recommended Group Policies and then turned BitLocker on using the Control Panel wizard but got an error message stating that the PC configuration was not correct and that I should speak to my system administrator i.e. ME!

    I undid the group policy settings and turned BitLocker on and it successfully encrypted the disk but at no time was I required to enter a password or enhanced PIN. The machine loaded as normal and there was no requirement to enter a password or PIN. I verified that the drive was encrypted using manage-bde -status c:

    I currently have used space encrypted, but can I now make the necessary group policy changes and enforce the use of an enhanced PIN? I doubt it, but am not prepared to try for fear of locking the drive.

    Can anyone put me right or direct me to Surface/Win 10 Pro specific documentation that will help me get through this?

    Many thanks

    Monday, June 13, 2016 10:51 PM

Answers

  • Hi NRT57,

    The main purpose is to configure BitLocker with the PIN, right?
    What is the GPO you have configured?

    To configure BitLocker with a PIN, we should configure the following GPO:
    Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup
    • Choose Enabled
    • Uncheck the Allow BitLocker without a compatible TPM
    • Under Configure TPM startup PIN:, choose Require startup PIN with TPM
    In addition, we should configure the following GPO, too:
    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Enable use of BitLocker authentication requiring preboot keyboard input on slates

    Here is a link for reference:
    Bitlocker PIN on Surface Pro 3 and Other Tablets (The theory should be applied to Windows 10, too)
    https://blogs.technet.microsoft.com/askpfeplat/2014/07/13/bitlocker-pin-on-surface-pro-3-and-other-tablets/

    Best regards




    Wednesday, June 15, 2016 2:28 AM
    Moderator
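
One way to confirm the policy settings listed in the answer above and then add a TPM+PIN protector to an already encrypted C: drive, as an added example that is not part of the original thread. The registry value names under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` and their meanings are assumptions about what those policies write; the cmdlets come from the in-box BitLocker module and must run elevated.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes the OS volume is C: and is already encrypted.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Values the policies named in the answer are expected to write
# (assumption: 1 = Enabled/Require, 0 = unchecked/Do not allow).
$expected = [ordered]@{
    UseAdvancedStartup                     = 1  # Require additional authentication at startup
    EnableBDEWithNoTPM                     = 0  # "Allow BitLocker without a compatible TPM" unchecked
    UseTPMPIN                              = 1  # Require startup PIN with TPM
    OSEnablePrebootInputProtectorsOnSlates = 1  # Preboot keyboard input on slates
}

# Compare the effective policy with the expected state before touching protectors.
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$mismatch = foreach ($name in $expected.Keys) {
    $actual = if ($policy) { $policy.$name } else { $null }
    if ($actual -ne $expected[$name]) {
        $shown = if ($null -eq $actual) { '<not set>' } else { $actual }
        '{0}: expected {1}, found {2}' -f $name, $expected[$name], $shown
    }
}
if ($mismatch) {
    $mismatch | ForEach-Object { Write-Warning $_ }
    throw 'Policy is not in the expected state; no protector was changed.'
}

$types = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector.KeyProtectorType

# Keep a recovery password so that a forgotten PIN does not lock the drive.
if ($types -notcontains 'RecoveryPassword') {
    Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
    Write-Warning 'Recovery password added; record it offline (manage-bde -protectors -get c:).'
}

if ($types -contains 'TpmPin') {
    Write-Output 'TPM+PIN protector already present.'
} else {
    $pin = Read-Host -AsSecureString 'New startup PIN'
    Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin | Out-Null
}

# List the resulting protectors to confirm the change before rebooting.
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```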