Require BitLocker with PIN

RASH MAAR 421 Reputation points
2020-10-21T21:52:09.617+00:00

Hi,

Is there a way to force users to activate BitLocker?
I created a profile and set Require under Encrypt devices, and it only gives a one-time alert to the user and does not require him to activate BitLocker.
I also see the article here on setting up the encryption silently, but that is without a PIN request at computer startup.
https://msendpointmgr.com/2019/10/31/silently-enable-bitlocker-for-hybrid-azure-ad-joined-devices-using-windows-autopilot/

Is there a way to run BitLocker silently with a random PIN, or a PIN written in the script, that the user must change afterwards?

Thanks
Rash


3 answers

  1. CiciWu-MSFT 1,201 Reputation points
    2020-10-22T03:00:09.423+00:00

    Currently, Intune does not seem to support forcing BitLocker with a PIN. The BitLocker policy must not require use of a startup PIN or startup key. When a TPM startup PIN or startup key is required, BitLocker can't silently enable and requires interaction from the end user.
    Reference: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#silently-enable-bitlocker-on-devices

    Some end users have already posted such a request in Intune UserVoice; I think you can vote for the following ticket to address this issue. Many features of our current products are designed and upgraded based on customer feedback. We strive to capture any negative reviews in order to ensure that we are continuously improving our products to meet our customers' needs. With your efforts, we are committed to improving our products. Here is the link:
    https://microsoftintune.uservoice.com/forums/291681-ideas?query=Bitlocker%20with%20PIN

    1 person found this answer helpful.

  2. MTG 1,196 Reputation points
    2020-10-22T06:56:26.537+00:00

    See my article at Experts Exchange: https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html?preview=hG26jVC1xow%3D
    It provides a script to turn on BitLocker with a PIN automatically using Task Scheduler.

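The general shape of the scheduled-task approach MTG describes, as an added example that is not code from any of the posts or the linked articles. It assumes the startup-PIN policy (Intune endpoint protection, or the Group Policy setting "Require additional authentication at startup") already allows a TPM PIN, that it runs as SYSTEM on an Azure AD joined device, and that a hypothetical out-of-band step hands the generated initial PIN to the user.

```powershell
# Added example (not code from the posts or the linked articles). Assumptions:
# - the Intune endpoint-protection / Group Policy setting "Require additional
#   authentication at startup" already allows a TPM startup PIN (otherwise the
#   TpmAndPin protector cannot be created);
# - the script runs as SYSTEM (scheduled task or Intune PowerShell script);
# - the device is Azure AD joined, so the recovery password is escrowed to AAD.
$OsDrive = $env:SystemDrive   # normally "C:"

# Generate a random 8-digit initial PIN. The user is expected to replace it
# afterwards with "manage-bde -changepin C:" or the BitLocker control panel.
function New-StartupPin {
    $digits = 1..8 | ForEach-Object { Get-Random -Minimum 0 -Maximum 10 }
    return ($digits -join '')
}

$vol = Get-BitLockerVolume -MountPoint $OsDrive
$tpmPin = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'TpmPin' }

if ($tpmPin) {
    Write-Output "TPM+PIN protector already present on $OsDrive."
} else {
    $securePin = ConvertTo-SecureString -String (New-StartupPin) -AsPlainText -Force

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        # Not encrypted yet: add a recovery password first, then encrypt with TPM+PIN.
        Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
        Enable-BitLocker -MountPoint $OsDrive -TpmAndPinProtector -Pin $securePin `
            -EncryptionMethod XtsAes256 -SkipHardwareTest
    } else {
        # Already encrypted (e.g. silently with TPM only): add TPM+PIN, then drop the
        # plain TPM protector, otherwise Windows still boots without asking for a PIN.
        Add-BitLockerKeyProtector -MountPoint $OsDrive -TpmAndPinProtector -Pin $securePin | Out-Null
        $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' } | ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
    }
    # Hypothetical out-of-band delivery of the initial PIN (helpdesk, MDM portal);
    # never write the PIN to a log file.
    Write-Output "TPM+PIN configured on $OsDrive; deliver the initial PIN to the user out of band."
}

# Escrow every recovery password to Azure AD so a forgotten PIN stays recoverable.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
$vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | ForEach-Object {
    BackupToAAD-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $_.KeyProtectorId
}
```

Run it once from a scheduled task or an Intune PowerShell script; on a second run it only re-checks the protectors and re-escrows the recovery password.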

  3. Oliver Kieselbach 241 Reputation points MVP
    2020-11-14T11:28:45.633+00:00

    Hi @RASH MAAR,

    If you are looking for a solution with Intune and AADJ devices, I do have a blog post about it here:

    How to enable Pre-Boot BitLocker startup PIN on Windows with Intune
    https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/

    Best,

    ---
    Oliver Kieselbach | Twitter | Blog
    Mark useful answers by clicking "Accept Answer", many thanks!
