Could someone explain to me what GPO I would have to setup for my Bitlocker Policy that would allow me to start encrypting on any given machine from AD when I want it to encrypt. I would rather do this so that machines dont start automatically encrypting once I add them to the Bitlocker Policy that I already have setup in AD. Any feedback would help