BitLocker in Intune

  • Question

  • Hi All,

    1.  Is it possible to implement BitLocker using Intune?

    2.  If so, what options are available?

    3.  What infrastructure requirements are needed?

    4.  What type of license is required for this activity?

    5.  Any links to site/blog/article would be appreciated.

    Thursday, July 11, 2019 2:23 PM

All replies

  • Hi,

    Yes, Microsoft Intune includes many settings to help protect your devices. The settings are supported in Windows 10 and newer devices. These settings are created in an endpoint protection configuration profile in Intune to control security, including BitLocker and Windows Defender.

    For more details: https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

    Regards,

    SAAD Youssef


    Thursday, July 11, 2019 2:30 PM
  • 1. Yes. In the past, to manage Windows BitLocker, we typically needed to create Group Policies or use System Center Configuration Manager (which is still the case with Windows 7, 8.x). However, with Windows 10, Intune now manages BitLocker settings natively right from the Intune admin portal.

    2. These are the BitLocker options available. For the specific meaning of each option, please refer to: https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

    3. It depends on which BitLocker configuration service provider you need. Each provider corresponds to different requirements. For example, in Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. In TPM 2.0, if the minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.

    To get more information, please refer to: https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp

    4. Just do not forget about the license for MDM (Intune) and also for the Windows 10 client. BitLocker is supported on “Pro” and higher editions (Compliance Policy), but for MDM management of BitLocker configuration (Configuration Policy), “Business” edition or higher is required.

    5. For BitLocker and related articles, you can refer to the above links and the following link:

    https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-yes/

    Best regards,

    Cici Wu



    Friday, July 12, 2019 7:06 AM
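
A read-only check, run in an elevated PowerShell session on a managed Windows 10 device, to confirm that the BitLocker settings discussed in the replies above actually took effect: TPM spec version (the PIN-length behaviour differs between TPM 2.0 and 1.2), encryption and protection status, and key protectors. This is an added example, not part of the original thread or of Microsoft's documentation; the function name `Get-BitLockerPostureReport` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: inspects local state only, changes nothing on the device.

function Get-BitLockerPostureReport {
    param([string]$MountPoint = $env:SystemDrive)

    # TPM spec version, e.g. "2.0, 0, 1.38" -> "2.0". Null if Windows sees no TPM.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # BitLocker state of the OS volume and the protector types attached to it.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $usesPin = [bool]($protectors -match '^TpmPin')   # TpmPin or TpmPinStartupKey

    $findings = @()
    if (-not $tpm) { $findings += 'No TPM visible to Windows' }
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus)"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    if ($protectors -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector (nothing to escrow)'
    }
    if ($usesPin -and $specVersion -like '2.*') {
        # Per the reply above: on TPM 2.0 a minimum PIN length below 6 digits makes
        # Windows try to lengthen the TPM lockout period when the PIN is changed.
        $findings += 'TPM 2.0 with PIN: confirm the profile minimum PIN length is 6 or more'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        TpmSpecVersion   = $specVersion
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $protectors -join ', '
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

Get-BitLockerPostureReport | Format-List
```

The PIN length itself cannot be read back from the device, so the last finding is a prompt to review the profile rather than a failure.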