question

RonyPaul-9719 avatar image
0 Votes"
RonyPaul-9719 asked RahulJindal-2267 edited

Encrypt fixed drives only with Bit Locker (Intune)

I need to encrypt All fixed drives except OS drive with bit locker. Is it possible? and also have a requirement of storing the recovery key in azureAD.

mem-intune-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered RahulJindal-2267 edited

BitLocker settings are divided into base settings, fixed drive settings, OS drive settings, and removable drive settings. All of which can be configured in the endpoint security profile.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@RahulJindal-2267 Thanks brother. I know the settings are available. My requirement is to encrypt only fixed drive.
But I can not proceed without configuring all the drive settings (OS, Fixed and removable disk).

128195-image.png



Can I silently encrypt all Windows 10 device's only fixed drives (except OS drive) using intune bitlocker?

0 Votes 0 ·
image.png (20.7 KiB)

I see now what you mean. I was under the impression that these can be configured separately using EP profiles, but looks like you can't. This may be as per design, however, the settings are a bit different in the Settings Catalog. I just tried configuring the settings below and didn't get any warnings. Now, the encryption type is set for other driver types, but I have only enabled it from Fixed drives. I haven't tested these, but give it a try.

128267-bitlocker.png


0 Votes 0 ·
bitlocker.png (31.7 KiB)
LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@RonyPaul-9719 Thanks for posting in our Q&A.

RahulJindal has shared some information with you. For fixed drive settings, I only add a little about it. The following article describes the details about these settings:
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-disk-encryption-profile-settings#bitlocker---fixed-drive-settings

Hope it will help.


If anyone's response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RonyPaul-9719 avatar image
0 Votes"
RonyPaul-9719 answered RahulJindal-2267 edited

@RahulJindal-2267 Thanks so much for the suggestion. I have tried but no luck.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

In that case, I don't think it is possible to single out encryption for a particular drive type. Any particular reason why you just want to encrypt fixed drives?

0 Votes 0 ·