I wanted to understand: if we apply used disk space only encryption, is it good enough to protect Windows 10 devices?
Here's my scenario: we are going to issue fresh new devices to end users. Users will enroll the device via Windows Autopilot, and we have an Intune policy to trigger silent BitLocker encryption. However, we are encountering an issue where devices encrypted with silent BitLocker encryption are being encrypted as used disk space only. Our concern is that the drive is not getting full disk encryption.
Here are our concerns:
Q1. Is there any security risk in having used disk space only encryption on fresh new devices? As per the documentation, I understand that if the disk is not encrypted and we have deleted items, they can be recovered, but after encryption is enabled with used disk space only, the data still remains encrypted even after deletion. Does this hold true?
Q2. Will an Intune compliance policy that requires BitLocker encryption treat devices encrypted with used disk space only as non-compliant?
Q3. Is there any other potential security risk we might see if we go ahead with used disk space only encryption on Win-10 devices? For example, if the same device gets reimaged for another user, can that user recover the other user's data?
Let us know how to achieve device encryption with full disk encryption and 256-bit cipher strength in a silent encryption manner.