dilannanayakkara-8008 asked

Silently Enable BitLocker with Autopilot

Hi All,

I have tested the BitLocker configuration profile with Autopilot and it seems successful, but it says "Used Space Only" when I check the status (refer to Image1). However, when I deployed the same policy to an already enrolled device, the disks were fully encrypted (refer to Image2).

At the same time, I saw "Silent enablement of BitLocker will encrypt used disk space only." in the Microsoft article below, but I was still in doubt, since it works without any issue for the already enrolled device as per Image2.

https://docs.microsoft.com/en-us/mem/intune/protect/encrypt-devices


So I was wondering whether I missed anything in my configuration.


[Image1: image1.jpg]

[Image2: image2.jpg]


Thanks,
Dilan



yannara answered

I had some other problems in Intune with BitLocker and came to the conclusion that you should use the new Endpoint Security to configure all BitLocker-related stuff. Basically, my old Configuration Profile stopped working.


Thanks @yannara

Did you try that with Autopilot and is it doing full disk encryption?

yannara replied to dilannanayakkara-8008:

Yes, the policy is already in effect during Autopilot. I have full encryption enabled when looking at manage-bde status.

yannara replied to dilannanayakkara-8008:

There is no selection between full vs. used space in the policy.


Thank You

Crystal-MSFT answered

@dilannanayakkara-8008, from your description, I understand that silently enabling BitLocker with Autopilot failed. If there's any misunderstanding, please let us know.

As far as I know, to enable BitLocker silently during Autopilot, we need to make sure the ESP is enabled. When it is enabled, the Device Encryption feature will wait until Intune policy assignment happens, and then BitLocker can be turned on and the applicable settings can be used. We can follow the steps in the following link to configure it and see if it works:
https://docs.microsoft.com/en-us/mem/autopilot/bitlocker

Hope it can help.



Thanks @Crystal-MSFT.

I enabled the ESP before resetting the client for Autopilot and it worked without an issue, but my question is about BitLocker encryption showing up as "used space only".

But if I deploy the same BitLocker configuration profile to the already Intune-enrolled device, it shows as "fully encrypted".
