Hello. I have a Windows Server 2016 VM that is domain-joined within Azure. I'm wondering what the Microsoft-recommended ADDS GPOs are for Azure Disk Encryption to handle the recovery keys. Below are the ones I'm considering based on my research:
Allow BitLocker without a compatible TPM (Will require configuring PIN/PASSWORD protector)
Configure user storage of BitLocker recovery information -> Allow 256-bit recovery key
Configure ADDS GPOs or third party to store recovery keys
There are a number of BitLocker GPOs, as contained within the following:
Because this is a server, I'm trying to avoid a "full BitLocker" implementation just for ADE and am looking for the minimum GPOs to address Azure ADE requirements and handle Azure recovery keys.